X-Git-Url: https://sipb.mit.edu/gitweb.cgi/ikiwiki.git/blobdiff_plain/c9983bc7d8855f4d7dfb09c99491576beb8168ae..9d4331bd1c82769679d5bd640599d7afdd9c9734:/ikiwiki-mass-rebuild

diff --git a/ikiwiki-mass-rebuild b/ikiwiki-mass-rebuild
index 5b6a90b90..f13033e7f 100755
--- a/ikiwiki-mass-rebuild
+++ b/ikiwiki-mass-rebuild
@@ -2,6 +2,36 @@
 use warnings;
 use strict;
 
+sub supplemental_groups {
+	my $user=shift;
+
+	my @list;
+	while (my @fields=getgrent()) {
+		if (grep { $_ eq $user } split(' ', $fields[3])) {
+			push @list, $fields[2];
+		}
+	}
+
+	return @list;
+}
+
+sub samelists {
+	my %a=map { $_ => 1 } split(' ', shift());
+	my %b=map { $_ => 1 } split(' ', shift());
+
+	foreach my $i (keys %b) {
+		if (! exists $a{$i}) {
+			return 0;
+		}
+	}
+	foreach my $i (keys %a) {
+		if (! exists $b{$i}) {
+			return 0;
+		}
+	}
+	return 1;
+}
+
 sub processline {
 	my $user=shift;
 	my $setup=shift;
@@ -20,15 +50,20 @@ sub processline {
 	defined(my $pid = fork) or die "Can’t fork: $!";
 	if (! $pid) {
 		my ($uuid, $ugid) = (getpwnam($user))[2, 3];
-		$)="$ugid $ugid";
+		my $grouplist=join(" ", $ugid, sort {$a <=> $b} $ugid, supplemental_groups($user));
+		if (! samelists(($)=$grouplist), $grouplist)) {
+			die "failed to set egid $grouplist (got back $))";
+		}
 		$(=$ugid;
-		$>=$uuid;
 		$<=$uuid;
-		if ($< != $uuid || $> != $uuid || $( != $ugid || $) ne "$ugid $ugid") {
+		$>=$uuid;
+		if ($< != $uuid || $> != $uuid || $( != $ugid) {
 			die "failed to drop permissions to $user";
 		}
-		%ENV=();
-		$ENV{HOME}=(getpwnam($user))[7];
+		%ENV=(
+			PATH => $ENV{PATH},
+			HOME => (getpwnam($user))[7],
+		);
 		exec("ikiwiki", "-setup", $setup, @ARGV);
 		die "failed to run ikiwiki: $!";
 	}