34 lines
1.2 KiB
Diff
34 lines
1.2 KiB
Diff
|
diff --git a/source/daemons/shepherd/shepherd.c b/source/daemons/shepherd/shepherd.c
|
||
|
index 5af1463..e7b2831 100644
|
||
|
--- a/source/daemons/shepherd/shepherd.c
|
||
|
+++ b/source/daemons/shepherd/shepherd.c
|
||
|
@@ -299,17 +299,24 @@ static int handle_io_file(const char* file, const char* owner, bool rw) {
|
||
|
}
|
||
|
}
|
||
|
|
||
|
- /* reset egid and euid to the stored values */
|
||
|
- if (sge_seteuid(old_euid) != 0) {
|
||
|
- shepherd_trace("Cannot reset euid %s due to %s", owner, strerror(errno));
|
||
|
- SGE_CLOSE(fd);
|
||
|
+ /* set effective user-id to root again, because only root is allowed to change
|
||
|
+ * the euid to any other than the current user-id. */
|
||
|
+ if (sge_seteuid(SGE_SUPERUSER_UID) != 0) {
|
||
|
+ shepherd_trace("Cannot become root due to %s", strerror(errno));
|
||
|
return -1;
|
||
|
}
|
||
|
+
|
||
|
+ /* reset egid and euid to the stored values (e.g. those of the sgeadmin user) */
|
||
|
if (sge_setegid(old_egid) != 0) {
|
||
|
shepherd_trace("Cannot reset egid %s due to %s", owner, strerror(errno));
|
||
|
SGE_CLOSE(fd);
|
||
|
return -1;
|
||
|
}
|
||
|
+ if (sge_seteuid(old_euid) != 0) {
|
||
|
+ shepherd_trace("Cannot reset euid %s due to %s", owner, strerror(errno));
|
||
|
+ SGE_CLOSE(fd);
|
||
|
+ return -1;
|
||
|
+ }
|
||
|
|
||
|
return fd;
|
||
|
}
|