From fbeece112a0dbd2b9adc437af358e9cef2f7bfbd Mon Sep 17 00:00:00 2001
From: Luka Vandervelden
Date: Mon, 10 Jun 2019 00:39:15 +0200
Subject: [PATCH] Bugfix. Bug was revealed through manual integration testing. Checks used to be ran as unpriviledged user instead of the actual service command (duh~).
---
 src/service/service.cr | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/service/service.cr b/src/service/service.cr
index a83ed07..07031ca 100644
--- a/src/service/service.cr
+++ b/src/service/service.cr
@@ -143,13 +143,6 @@ class Service
 puts " - #{check.name}"
 child = Process.fork do
- @reference.user.try do |user|
- unless System.become_user user
- STDERR << "service: child could not setuid() to user '#{user}'.\n"
- exit 1
- end
- end
-
 Process.exec "sh", ["-c", evaluate check.command], output: Process::Redirect::Inherit, error: Process::Redirect::Inherit
 end.wait
@@ -171,6 +164,13 @@ class Service
 LibC.dup2 stdout_file.fd, 1
 LibC.dup2 stderr_file.fd, 2
+ @reference.user.try do |user|
+ unless System.become_user user
+ STDERR << "service: child could not setuid() to user '#{user}'.\n"
+ exit 1
+ end
+ end
+
 Process.exec command, args, chdir: @reference.directory
 end
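Review bot: The added `System.become_user user` block is the only privilege drop before `Process.exec command, args, chdir: @reference.directory`, and nothing in this hunk shows whether it also sets the group id and clears supplementary groups before changing the uid; the error text mentions only setuid(). `become_user` is defined outside this diff, so if it changes just the uid the service would keep the supervisor's group memberships; this is worth confirming and recording above the block, for example `# Drop privileges last, once the log fds are in place; become_user must set gid and supplementary groups before uid`. The failure message is written after `LibC.dup2 stderr_file.fd, 2`, so it presumably lands in the service's stderr log rather than on the supervisor's own stderr, which deserves a one-line comment if intended. The first hunk removes the same drop from the check path, so check commands passed to `sh -c` now run with the supervisor's own privileges; a comment there stating that this is deliberate would help the next reader. The enclosing methods start and end outside both hunks.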