* Urgh. Do setgid() before setuid(), because the semantics of setgid()

changes completely depending on whether you're root...
author: Eelco Dolstra <e.dolstra@tudelft.nl> 2006-12-05T18·28+0000
committer: Eelco Dolstra <e.dolstra@tudelft.nl> 2006-12-05T18·28+0000
commit: 44cad9630f25f7f1c6a9263c031e453170b2f489 (patch)
tree: b654ef0c23835a4855c4f0cff64af141778d0acd /src
parent: 6f0d05032410873bd5cdb573b998c7a7939d09b5 (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index 6e71c2c7d4e7..e4829883f936 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -1364,13 +1364,13 @@ void DerivationGoal::startBuilder()
                 if (setgroups(0, 0) == -1)
                     throw SysError("cannot clear the set of supplementary groups");
                 
-                setuid(buildUser.getUID());
-                assert(getuid() == buildUser.getUID());
-                assert(geteuid() == buildUser.getUID());
-
                 setgid(gidBuildGroup);
                 assert(getgid() == gidBuildGroup);
                 assert(getegid() == gidBuildGroup);
+
+                setuid(buildUser.getUID());
+                assert(getuid() == buildUser.getUID());
+                assert(geteuid() == buildUser.getUID());
             }
             
             /* Execute the program.  This should not return. */
author	Eelco Dolstra <e.dolstra@tudelft.nl>	2006-12-05T18·28+0000
committer	Eelco Dolstra <e.dolstra@tudelft.nl>	2006-12-05T18·28+0000
commit	44cad9630f25f7f1c6a9263c031e453170b2f489 (patch)
tree	b654ef0c23835a4855c4f0cff64af141778d0acd /src
parent	6f0d05032410873bd5cdb573b998c7a7939d09b5 (diff)