From 410933939a74e42874dd580bfe0051b3222185a5 Mon Sep 17 00:00:00 2001
From: Tor Egge
Date: Mon, 12 Mar 2018 11:29:46 +0000
Subject: Changes to allow unprivileged vespa.
---
 configd/src/apps/su/main.cpp | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
(limited to 'configd/src')
diff --git a/configd/src/apps/su/main.cpp b/configd/src/apps/su/main.cpp
index ceecc71ae5a..abef5c69036 100644
--- a/configd/src/apps/su/main.cpp
+++ b/configd/src/apps/su/main.cpp
@@ -28,17 +28,20 @@ int main(int argc, char** argv)
 gid_t g = p->pw_gid;
 uid_t u = p->pw_uid;
- if (setgid(g) != 0) {
+ gid_t oldg = getgid();
+ uid_t oldu = getuid();
+
+ if (g != oldg && setgid(g) != 0) {
 perror("FATAL error: could not change group id");
 exit(1);
 }
 size_t listsize = 1;
 gid_t grouplist[1] = { g };
- if (setgroups(listsize, grouplist) != 0) {
+ if ((g != oldg || u != oldu) && setgroups(listsize, grouplist) != 0) {
 perror("FATAL error: could not setgroups");
 exit(1);
 }
- if (setuid(u) != 0) {
+ if (u != oldu && setuid(u) != 0) {
 perror("FATAL error: could not change user id");
 exit(1);
 }
-- cgit v1.2.3
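Review bot: The new `oldg`/`oldu` guards compare only the real IDs returned by `getgid()`/`getuid()`, so if the real IDs already match the target while the effective or saved IDs do not (for instance if this helper were ever installed set-user-ID, which the hunk does not show), `setgid`, `setgroups` and `setuid` are all skipped and the process keeps its effective IDs and inherited supplementary groups. Consider keying the guards on the effective IDs as well, e.g. `if ((u != oldu || u != geteuid()) && setuid(u) != 0) {`, and verifying the result after the sequence with `if (geteuid() != u || getegid() != g) { fprintf(stderr, "FATAL error: privileges not dropped\n"); exit(1); }`. A short comment above the guards saying that they exist so a caller already running as the target user does not fail with EPERM would make the intent clear to the next reader. `main` starts and ends outside the hunk, so any check that happens later is not visible here.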