lib: restrict_access_by_env() - Preserve RESTRICT_SETEXTRAGROUPS if root isn't dropped

This way service { extra_groups } is preserved for the whole duration of the
process lifetime (e.g. lmtp, doveadm)

diff --git a/src/lib/restrict-access.c b/src/lib/restrict-access.c
index 76f347dcc993fb1da87dd5347c6072a3e8ef4892..c189ad38086c6eb8725ccf3fba006b7ca78f86bc 100644 (file)
--- a/src/lib/restrict-access.c
+++ b/src/lib/restrict-access.c
@@ -466,7 +466,14 @@ void restrict_access_by_env(const char *home, bool disallow_root)
        }
        env_remove("RESTRICT_GID_FIRST");
        env_remove("RESTRICT_GID_LAST");
-       env_remove("RESTRICT_SETEXTRAGROUPS");
+       if (getuid() != 0)
+               env_remove("RESTRICT_SETEXTRAGROUPS");
+       else {
+               /* Preserve RESTRICT_SETEXTRAGROUPS, so if we're again dropping
+                  more privileges we'll still preserve the extra groups. This
+                  mainly means preserving service { extra_groups } for lmtp
+                  and doveadm accesses. */
+       }
        env_remove("RESTRICT_USER");
        env_remove("RESTRICT_CHROOT");
 }