Fixed ICE-5304 - IceGrid node doesn't initialize supplementary groups

1 files changed, 32 insertions, 1 deletions

diff --git a/cpp/src/IceGrid/Activator.cpp b/cpp/src/IceGrid/Activator.cpp
index 8b82e567cf4..4fa62779a04 100644
--- a/cpp/src/IceGrid/Activator.cpp
+++ b/cpp/src/IceGrid/Activator.cpp
@@ -28,6 +28,7 @@
 #ifndef _WIN32
 #   include <sys/wait.h>
 #   include <signal.h>
+#   include <pwd.h> // for getpwuid
 #else
 #ifndef SIGKILL
 #   define SIGKILL 9
@@ -37,6 +38,10 @@
 #endif
 #endif
 
+#ifdef __linux
+#   include <grp.h> // for initgroups
+#endif
+
 using namespace std;
 using namespace Ice;
 using namespace IceInternal;
@@ -658,7 +663,33 @@ Activator::activate(const string& name,
             os << gid;
             reportChildError(getSystemErrno(), errorFds[1], "cannot set process group id", os.str().c_str(),
                              _traceLevels);
-        }           
+        }
+
+        errno = 0;
+        struct passwd* pw = getpwuid(uid);
+        if(!pw)
+        {
+            if(errno)
+            {
+                reportChildError(getSystemErrno(), errorFds[1], "cannot read the password database", "",
+                                 _traceLevels);
+            }
+            else
+            {
+                ostringstream os;
+                os << uid;
+                reportChildError(getSystemErrno(), errorFds[1], "unknown user uid"  , os.str().c_str(),
+                                 _traceLevels);
+            }
+        }
+
+        if(initgroups(pw->pw_name, gid) == -1)
+        {
+            ostringstream os;
+            os << pw->pw_name;
+            reportChildError(getSystemErrno(), errorFds[1], "cannot initialize process supplementary group access list for user", 
+                             os.str().c_str(), _traceLevels);
+        }
         
         if(setuid(uid) == -1)
         {