Merge pull request #506 from gravitational/ev/groups

Ev/groups

build.assets/Dockerfile

@@ -40,7 +40,7 @@ RUN (apt-get update && apt-get install -q -y \
     apt-get -y autoclean; apt-get -y clean
 
 # Install Golang:
-RUN (mkdir -p /opt && cd /opt && curl https://storage.googleapis.com/golang/go1.6.1.linux-amd64.tar.gz | tar xz;\
+RUN (mkdir -p /opt && cd /opt && curl https://storage.googleapis.com/golang/go1.7.linux-amd64.tar.gz | tar xz;\
      mkdir -p /gopath/src/github.com/gravitational/teleport;\
      chmod a+w /gopath;\
      chmod a+w /var/lib)

lib/srv/exec.go

@@ -138,6 +138,7 @@ func prepareCommand(ctx *ctx, cmd string) (*exec.Cmd, error) {
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}
+
 	// get user's shell:
 	shell, err := utils.GetLoginShell(ctx.login)
 	if err != nil {
@@ -182,7 +183,28 @@ func prepareCommand(ctx *ctx, cmd string) (*exec.Cmd, error) {
 		return nil, trace.Wrap(err)
 	}
 	if me.Uid != osUser.Uid || me.Gid != osUser.Gid {
-		c.SysProcAttr.Credential = &syscall.Credential{Uid: uint32(uid), Gid: uint32(gid)}
+		userGroups, err := osUser.GroupIds()
+		if err != nil {
+			return nil, trace.Wrap(err)
+		}
+		groups := make([]uint32, 0)
+		for _, sgid := range userGroups {
+			igid, err := strconv.Atoi(sgid)
+			if err != nil {
+				log.Warnf("Cannot interpret user group: '%v'", sgid)
+			} else {
+				groups = append(groups, uint32(igid))
+			}
+		}
+		if len(groups) == 0 {
+			groups = append(groups, uint32(gid))
+		}
+		c.SysProcAttr.Credential = &syscall.Credential{
+			Uid:    uint32(uid),
+			Gid:    uint32(gid),
+			Groups: groups,
+		}
+		c.SysProcAttr.Setsid = true
 	}
 
 	// apply environment variables passed from the client