self-hosted/teleport
self-hosted/teleport
1
0
Fork 0
mirror of https://github.com/gravitational/teleport synced 2024-10-22 02:03:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixed "supplemental groups" problem

Browse source
This commit is contained in:
Ev Kontsevoy 2016-08-18 16:57:50 -07:00
parent 1a8246ea94
commit 377d1436d9
1 changed files with 23 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
lib/srv/exec.go
View file

@ -138,6 +138,7 @@ func prepareCommand(ctx *ctx, cmd string) (*exec.Cmd, error) {
if err != nil {
return nil, trace.Wrap(err)
}
// get user's shell:
shell, err := utils.GetLoginShell(ctx.login)
if err != nil {
@ -182,7 +183,28 @@ func prepareCommand(ctx *ctx, cmd string) (*exec.Cmd, error) {
return nil, trace.Wrap(err)
}
if me.Uid != osUser.Uid || me.Gid != osUser.Gid {
c.SysProcAttr.Credential = &syscall.Credential{Uid: uint32(uid), Gid: uint32(gid)}
userGroups, err := osUser.GroupIds()
if err != nil {
return nil, trace.Wrap(err)
}
groups := make([]uint32, 0)
for _, sgid := range userGroups {
igid, err := strconv.Atoi(sgid)
if err != nil {
log.Warnf("Cannot interpret user group: '%v'", sgid)
} else {
groups = append(groups, uint32(igid))
}
}
if len(groups) == 0 {
groups = append(groups, uint32(gid))
}
c.SysProcAttr.Credential = &syscall.Credential{
Uid: uint32(uid),
Gid: uint32(gid),
Groups: groups,
}
c.SysProcAttr.Setsid = true
}
// apply environment variables passed from the client