veyron/services/mgmt/suidhelper/impl: setgid before uid
In the suidhelper, set the gid before setting uid in case the uid does
not have permissions to change its gid.
Change-Id: I3cfe8d455d85e0854c188690718ccc22839529f4
diff --git a/services/mgmt/suidhelper/impl/system.go b/services/mgmt/suidhelper/impl/system.go
index 52d96b3..3059e30 100644
--- a/services/mgmt/suidhelper/impl/system.go
+++ b/services/mgmt/suidhelper/impl/system.go
@@ -31,15 +31,15 @@
func (hw *WorkParameters) Exec() error {
if hw.dryrun {
- log.Printf("[dryrun] syscall.Setuid(%d)", hw.uid)
log.Printf("[dryrun] syscall.Setgid(%d)", hw.gid)
+ log.Printf("[dryrun] syscall.Setuid(%d)", hw.uid)
} else {
- if err := syscall.Setuid(hw.uid); err != nil {
- return fmt.Errorf("syscall.Setuid(%d) failed: %v", hw.uid, err)
- }
if err := syscall.Setgid(hw.gid); err != nil {
return fmt.Errorf("syscall.Setgid(%d) failed: %v", hw.gid, err)
}
+ if err := syscall.Setuid(hw.uid); err != nil {
+ return fmt.Errorf("syscall.Setuid(%d) failed: %v", hw.uid, err)
+ }
}
return syscall.Exec(hw.argv0, hw.argv, hw.envv)
}
