Improved groups/gid handling.

src/service/libc.cr

@@ -13,6 +13,8 @@ lib LibC
 	fun setuid(Int32) : Int32
 	fun setgid(Int32) : Int32
 	fun getpwnam(Char*) : Passwd*
+
+	fun initgroups(Char*, Int32) : Int32
 end
 
 module System
@@ -25,10 +27,12 @@ module System
 
 		passwd = pointer.value
 
-		become_user passwd.pw_uid, passwd.pw_uid
+		uid = passwd.pw_uid
-	end
+		gid = passwd.pw_gid
+
+		r = LibC.initgroups user_name, passwd.pw_gid
+		raise Errno.new "initgroups" if r != 0
 
-	def self.become_user(uid, gid)
 		r = LibC.setgid gid
 		raise Errno.new "setgid" if r != 0
 
@@ -36,21 +40,4 @@ module System
 		raise Errno.new "setuid" if r != 0
 	end
 end
-#def get_uid_gid(user_name : String)
-#	pointer = LibC.getpwnam user_name.to_unsafe
-#
-#	if pointer.null?
-#		return nil
-#	end
-#
-#	passwd = pointer.value
-#
-#	{passwd.pw_uid, passwd.pw_gid}
-#end
-
-#uid, gid = get_uid_gid("http").not_nil!
-#LibC.setuid uid
-#LibC.setgid gid
-
-#puts Process.run "whoami", output: Process::Redirect::Inherit
 

src/service/service.cr

@@ -301,7 +301,7 @@ class Service
 			child = Process.fork do
 				Dir.cd root
 
-				System.become_user uid, gid
+				System.become_user user_name
 
 				Process.exec "sh", ["-c", creation_command],
 					output: Process::Redirect::Inherit,
@@ -347,7 +347,7 @@ class Service
 			LibC.dup2 stdout_file.fd, 1
 			LibC.dup2 stderr_file.fd, 2
 
-			System.become_user uid, gid
+			System.become_user user_name
 
 			Process.exec command, args,
 				chdir: (@reference.directory.try { |x| evaluate x } || root),