summaryrefslogtreecommitdiff
path: root/cpp/src/IceGrid/Activator.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'cpp/src/IceGrid/Activator.cpp')
-rw-r--r--cpp/src/IceGrid/Activator.cpp33
1 files changed, 32 insertions, 1 deletions
diff --git a/cpp/src/IceGrid/Activator.cpp b/cpp/src/IceGrid/Activator.cpp
index 8b82e567cf4..4fa62779a04 100644
--- a/cpp/src/IceGrid/Activator.cpp
+++ b/cpp/src/IceGrid/Activator.cpp
@@ -28,6 +28,7 @@
#ifndef _WIN32
# include <sys/wait.h>
# include <signal.h>
+# include <pwd.h> // for getpwuid
#else
#ifndef SIGKILL
# define SIGKILL 9
@@ -37,6 +38,10 @@
#endif
#endif
+#ifdef __linux
+# include <grp.h> // for initgroups
+#endif
+
using namespace std;
using namespace Ice;
using namespace IceInternal;
@@ -658,7 +663,33 @@ Activator::activate(const string& name,
os << gid;
reportChildError(getSystemErrno(), errorFds[1], "cannot set process group id", os.str().c_str(),
_traceLevels);
- }
+ }
+
+ errno = 0;
+ struct passwd* pw = getpwuid(uid);
+ if(!pw)
+ {
+ if(errno)
+ {
+ reportChildError(getSystemErrno(), errorFds[1], "cannot read the password database", "",
+ _traceLevels);
+ }
+ else
+ {
+ ostringstream os;
+ os << uid;
+ reportChildError(getSystemErrno(), errorFds[1], "unknown user uid" , os.str().c_str(),
+ _traceLevels);
+ }
+ }
+
+ if(initgroups(pw->pw_name, gid) == -1)
+ {
+ ostringstream os;
+ os << pw->pw_name;
+ reportChildError(getSystemErrno(), errorFds[1], "cannot initialize process supplementary group access list for user",
+ os.str().c_str(), _traceLevels);
+ }
if(setuid(uid) == -1)
{
generated by cgit v1.2.3 (git 2.46.0) at 2025-08-05 13:20:28 +0000