lib: restrict_access_by_env() - Preserve RESTRICT_SETEXTRAGROUPS if root isn't dropped

This way service { extra_groups } is preserved for the whole duration of the
process lifetime (e.g. lmtp, doveadm)

diff --git a/src/lib/restrict-access.c b/src/lib/restrict-access.c
index 36f6bca98a6a6eb35d424ac3f8ae3de4ef05cc22..1d5ed5c39c666a69c867f3223d430870968d9bac 100644 (file)
--- a/src/lib/restrict-access.c
+++ b/src/lib/restrict-access.c
@@ -467,7 +467,14 @@ void restrict_access_by_env(enum restrict_access_flags flags, const char *home)
        }
        env_remove("RESTRICT_GID_FIRST");
        env_remove("RESTRICT_GID_LAST");
-       env_remove("RESTRICT_SETEXTRAGROUPS");
+       if (getuid() != 0)
+               env_remove("RESTRICT_SETEXTRAGROUPS");
+       else {
+               /* Preserve RESTRICT_SETEXTRAGROUPS, so if we're again dropping
+                  more privileges we'll still preserve the extra groups. This
+                  mainly means preserving service { extra_groups } for lmtp
+                  and doveadm accesses. */
+       }
        env_remove("RESTRICT_USER");
        env_remove("RESTRICT_CHROOT");
 }