Merge pull request #2507 from monoidic/priv

sebix · web-flow · commit b3096ba7e508 · 2024-07-09T09:00:04.000+02:00
ENH: utils: acquire groups of intelmq user in drop_privileges
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -12,6 +12,7 @@
 ### Configuration
 
 ### Core
+- `intelmq.lib.utils.drop_privileges`: When IntelMQ is called as `root` and dropping the privileges to user `intelmq`, also set the non-primary groups associated with the `intelmq` user. Makes the behaviour of running intelmqctl as `root` closer to the behaviour of `sudo -u intelmq ...` (PR#2507 by Mikk Margus Möll).
 
 ### Development
 
diff --git a/intelmq/lib/utils.py b/intelmq/lib/utils.py
@@ -692,6 +692,7 @@ def drop_privileges() -> bool:
     """
     if os.geteuid() == 0:
         try:
+            os.setgroups([group.gr_gid for group in grp.getgrall() if 'intelmq' in group.gr_mem])
             os.setgid(grp.getgrnam('intelmq').gr_gid)
             os.setuid(pwd.getpwnam('intelmq').pw_uid)
         except (OSError, KeyError):
