From 410233547dec6ff9c9767305e4766c549a8d624e Mon Sep 17 00:00:00 2001
From: Luca Boccassi
Date: Wed, 5 Apr 2023 12:25:17 +0000
Subject: systemd: set User/Group and don't change uid/gid if already set
---
 data/meson.build | 2 +-
 data/polkit.service.in | 2 ++
 src/polkitbackend/polkitd.c | 11 +++++++++--
 3 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/data/meson.build b/data/meson.build
index 27ab76a..651d2cf 100644
--- a/data/meson.build
+++ b/data/meson.build
@@ -1,4 +1,4 @@
-service_conf = {'libprivdir': pk_prefix / pk_libprivdir}
+service_conf = {'libprivdir': pk_prefix / pk_libprivdir, 'polkitd_user': polkitd_user}
 configure_file(
 input: 'org.freedesktop.PolicyKit1.service.in',
diff --git a/data/polkit.service.in b/data/polkit.service.in
index 9665043..88138e8 100644
--- a/data/polkit.service.in
+++ b/data/polkit.service.in
@@ -6,3 +6,5 @@ Documentation=man:polkit(8)
 Type=dbus
 BusName=org.freedesktop.PolicyKit1
 ExecStart=@libprivdir@/polkitd --no-debug
+User=@polkitd_user@
+Group=@polkitd_user@
diff --git a/src/polkitbackend/polkitd.c b/src/polkitbackend/polkitd.c
index c3ec32f..d63aae2 100644
--- a/src/polkitbackend/polkitd.c
+++ b/src/polkitbackend/polkitd.c
@@ -117,6 +117,14 @@ become_user (const gchar *user,
 goto out;
 }
+ if ((geteuid () == pw->pw_uid) && (getuid () == pw->pw_uid) &&
+ (getegid () == pw->pw_gid) && (getgid () == pw->pw_gid))
+ {
+ /* already running as user */
+ ret = TRUE;
+ goto out;
+ }
+
 if (setgroups (0, NULL) != 0)
 {
 g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
@@ -151,6 +159,7 @@ become_user (const gchar *user,
 ret = TRUE;
+ g_print ("Successfully changed to user %s\n", user);
 out:
 return ret;
@@ -212,8 +221,6 @@ main (int argc,
 goto out;
 }
- g_print ("Successfully changed to user %s\n", POLKITD_USER);
-
 if (g_getenv ("PATH") == NULL)
 g_setenv ("PATH", "/usr/bin:/bin:/usr/sbin:/sbin", TRUE);
--
cgit v1.2.1
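Review bot: `Group=@polkitd_user@` in data/polkit.service.in assumes a group named like the polkitd user exists and is that user's primary group, while the early return added to become_user in src/polkitbackend/polkitd.c compares against `pw->pw_gid` (presumably from the passwd entry looked up above that hunk). Where the two differ, the comparison fails and the already-unprivileged daemon falls through to `setgroups (0, NULL)`, which would likely fail without CAP_SETGID and stop the service from starting. Dropping the `Group=` line lets systemd apply the primary group of `User=`, which keeps the unit and the check in agreement.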
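Review bot: The early return added to become_user (hunk at -117) compares only the real and effective ids, so a process that still holds a different saved uid/gid, or extra supplementary groups, is treated as already dropped and skips the `setgroups (0, NULL)` call below it and the rest of the function, which lies outside the hunk. Under the new `User=`/`Group=` unit settings this is probably harmless, but polkitd can also be started by other means, and a retained saved uid of 0 would let the process switch back. Checking all three ids with getresuid()/getresgid() (available on Linux and the BSDs; other platforms would need a fallback) closes that gap, and confirming with getgroups() that no unexpected supplementary groups remain would cover the group list as well.

```c
  uid_t ruid, euid, suid;
  gid_t rgid, egid, sgid;

  /* take the shortcut only when real, effective and saved ids all match,
   * so there is no saved id left to switch back to */
  if (getresuid (&ruid, &euid, &suid) == 0 &&
      getresgid (&rgid, &egid, &sgid) == 0 &&
      ruid == pw->pw_uid && euid == pw->pw_uid && suid == pw->pw_uid &&
      rgid == pw->pw_gid && egid == pw->pw_gid && sgid == pw->pw_gid)
    {
      /* already running as user */
      ret = TRUE;
      goto out;
    }

  /* … unchanged: setgroups() and the remaining privilege drop … */
```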
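Review bot: With `g_print` moved into become_user just before `out:` (hunk at -151), the early-return path added earlier in the function ends without any message, so the log no longer records which account the daemon runs as when the service manager has already set it. Adding `g_print ("Already running as user %s\n", user);` to the early-return branch keeps that record on both paths. become_user starts outside the hunk.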