From f9cfab1e0d1183eb5e948b6dabc6017b9e261704 Mon Sep 17 00:00:00 2001
From: "C. McEnroe" <june@causal.agency>
Date: Sun, 16 Aug 2020 22:20:14 -0400
Subject: Only call setgroups as root

setgroups fails when already running as a user.
---
 service.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/service.c b/service.c
index 3178f79..78890b8 100644
--- a/service.c
+++ b/service.c
@@ -187,8 +187,10 @@ void serviceStart(struct Service *service) {
 		error = setgid(serviceGID);
 		if (error) err(ExitNoExec, "setgid");
 
-		error = setgroups(1, &serviceGID);
-		if (error) err(ExitNoExec, "setgroups");
+		if (!getuid()) {
+			error = setgroups(1, &serviceGID);
+			if (error) err(ExitNoExec, "setgroups");
+		}
 
 		error = setuid(serviceUID);
 		if (error) err(ExitNoExec, "setuid");
-- 
cgit 1.4.1

option value='wiki'>wiki</option>
</optgroup></select> <input type='submit' value='switch'/></form></td></tr>
<tr><td class='sub'>web frontend for git
</td><td class='sub right'></td></tr></table>
<table class='tabs'><tr><td>
<a href='/cgit-pink/about/'>about</a> <a href='/cgit-pink/'>summary</a> <a href='/cgit-pink/refs/?id=034e3c7d56ba71ce281886fe8525b16d4559fac1'>refs</a> <a class='active' href='/cgit-pink/log/html.h?follow=1'>log</a> <a href='/cgit-pink/tree/html.h?id=034e3c7d56ba71ce281886fe8525b16d4559fac1'>tree</a> <a href='/cgit-pink/commit/html.h?id=034e3c7d56ba71ce281886fe8525b16d4559fac1&amp;follow=1'>commit</a> <a href='/cgit-pink/diff/html.h?id=034e3c7d56ba71ce281886fe8525b16d4559fac1&amp;follow=1'>diff</a></td><td class='form'><form class='right' method='get' action='/cgit-pink/log/html.h'>
<input type='hidden' name='id' value='034e3c7d56ba71ce281886fe8525b16d4559fac1'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/cgit-pink/log/?id=034e3c7d56ba71ce281886fe8525b16d4559fac1&amp;follow=1'>root</a>/<a href='/cgit-pink/log/html.h?id=034e3c7d56ba71ce281886fe8525b16d4559fac1&amp;follow=1'>html.h</a> (<a href='/cgit-pink/log/html.h?id=034e3c7d56ba71ce281886fe8525b16d4559fac1'>unfollow</a>)</div><div class='content'><table class='list nowrap'><tr class='nohover'><th></th><th class='left'>Commit message (<a href='/cgit-pink/log/html.h?id=034e3c7d56ba71ce281886fe8525b16d4559fac1&amp;showmsg=1&amp;follow=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2019-06-25 21:40:59 +0200'>2019-06-25</span></td><td><a href='/cgit-pink/commit/ui-tree.c?id=e1ad15d368bdeb1bffea588b93a29055c5dfb7f4&amp;follow=1'>ui-tree: allow per repository override for enable-blame</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2019-06-05 15:38:14 +0200'>2019-06-05</span></td><td><a href='/cgit-pink/commit/tests/t0001-validate-git-versions.sh?id=27a6d69ab38825602bdbd5a5d0161e465326ea8d&amp;follow=1'>tests: successfully validate rc versions</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2019-06-05 15:37:49 +0200'>2019-06-05</span></td><td><a href='/cgit-pink/commit/ui-tree.c?id=985fba80d06f37fdba5e72d738ce21ab5ab5a76d&amp;follow=1'>git: update to v2.21.0</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2019-06-05 15:37:49 +0200'>2019-06-05</span></td><td><a href='/cgit-pink/commit/ui-ssdiff.c?id=68de710c1c0e9b823a156b1398643601a682fbf9&amp;follow=1'>ui-ssdiff: ban strncat()</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2019-06-05 15:37:49 +0200'>2019-06-05</span></td><td><a href='/cgit-pink/commit/ui-tree.c?id=ccba7eb9d0c43ffe99178ab6632dc3794f887309&amp;follow=1'>global: make 'char *path' const where possible</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2019-05-20 21:53:16 +0200'>2019-05-20</span></td><td><a href='/cgit-pink/commit/ui-shared.c?id=54c407a74a35d4ee9ffae94cc5bc9096c9f7f54a&amp;follow=1'>ui-shared: restrict to 15 levels</a></td><td>Jason A. Donenfeld</td></tr>
<tr><td><span title='2019-02-23 00:09:17 +0100'>2019-02-23</span></td><td><a href='/cgit-pink/commit/ui-tag.c?id=bd0293f57015ede637b630fcaf4fc11e7697d777&amp;follow=1'>ui-diff,ui-tag: don't use htmlf with non-formatted strings</a></td><td>Chris Mayo</td></tr>
<tr><td><span title='2019-02-23 00:08:50 +0100'>2019-02-23</span></td><td><a href='/cgit-pink/commit/ui-ssdiff.c?id=5bd7e9bc1b6749bbb5220d6c3a990469a7b839ae&amp;follow=1'>ui-ssdiff: resolve HTML5 validation errors</a></td><td>Chris Mayo</td></tr>
<tr><td><span title='2019-01-03 02:12:16 +0100'>2019-01-03</span></td><td><a href='/cgit-pink/commit/filters/simple-authentication.lua?id=7d87cd3a215976a480b3c71b017a191597e5cb44&amp;follow=1'>filters: migrate from luacrypto to luaossl</a></td><td>Jason A. Donenfeld</td></tr>
<tr><td><span title='2019-01-02 16:13:57 +0100'>2019-01-02</span></td><td><a href='/cgit-pink/commit/ui-shared.c?id=e23f63461f17aeb770d47d9c3134414e549d1f0e&amp;follow=1'>ui-shared: fix broken sizeof in title setting and rewrite</a></td><td>Jason A. Donenfeld</td></tr>
<tr><td><span title='2018-12-09 23:28:26 +0100'>2018-12-09</span></td><td><a href='/cgit-pink/commit/ui-snapshot.c?id=55ebd5e97ccd0da9424d68f1e0f301551cf4b47a&amp;follow=1'>git: update to v2.20.0</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2018-11-25 06:01:34 +0100'>2018-11-25</span></td><td><a href='/cgit-pink/commit/ui-blame.c?id=441dac1d747dab43e3559ee68f18a273512064cd&amp;follow=1'>ui-blame: set repo for sb</a></td><td>Jason A. Donenfeld</td></tr>
<tr><td><span title='2018-11-25 06:01:34 +0100'>2018-11-25</span></td><td><a href='/cgit-pink/commit/ui-shared.h?id=898b9e19e0eacd67456ddcc91ff173055e1c0e99&amp;follow=1'>auth-filter: pass url with query string attached</a></td><td>Jason A. Donenfeld</td></tr>
<tr><td><span title='2018-11-21 02:30:41 +0100'>2018-11-21</span></td><td><a href='/cgit-pink/commit/Makefile?id=a22855747e97e55a7b7a2622fe671b8ca9af0981&amp;follow=1'>git: use xz compressed archive for download</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2018-10-12 23:06:02 +0200'>2018-10-12</span></td><td><a href='/cgit-pink/commit/ui-tree.c?id=2c9f56f3e1c754f60ccffbc6c745b9d5a81ea005&amp;follow=1'>git: update to v2.19.1</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2018-09-11 08:47:12 +0200'>2018-09-11</span></td><td><a href='/cgit-pink/commit/ui-ssdiff.c?id=a96f2890f41e0b9b0ffa1bcdb1dddbef28c01662&amp;follow=1'>ui-ssdiff: ban strcat()</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2018-09-11 08:47:12 +0200'>2018-09-11</span></td><td><a href='/cgit-pink/commit/ui-ssdiff.c?id=0899eb644fab415e9a3b304f53da9da50aaf91aa&amp;follow=1'>ui-ssdiff: ban strncpy()</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2018-09-11 08:47:12 +0200'>2018-09-11</span></td><td><a href='/cgit-pink/commit/ui-shared.c?id=2fc008d6dea2456548825c973a5516b5cdfd9c8c&amp;follow=1'>ui-shared: ban strcat()</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2018-09-11 08:47:12 +0200'>2018-09-11</span></td><td><a href='/cgit-pink/commit/ui-patch.c?id=edb3403f00f14ac5cc23b9ba3a122cb4ee8b81fa&amp;follow=1'>ui-patch: ban sprintf()</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2018-09-11 08:47:12 +0200'>2018-09-11</span></td><td><a href='/cgit-pink/commit/ui-log.c?id=7f75647b5565076b70d7c619df08e6c64dac9386&amp;follow=1'>ui-log: ban strncpy()</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2018-09-11 08:47:12 +0200'>2018-09-11</span></td><td><a href='/cgit-pink/commit/ui-log.c?id=71ba7187e5eeeaf2f66bc27bc3b48a2014d37bb7&amp;follow=1'>ui-log: ban strcpy()</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2018-09-11 08:47:12 +0200'>2018-09-11</span></td><td><a href='/cgit-pink/commit/parsing.c?id=60a930044d57faae4fcb84cba9d85310b0c767a7&amp;follow=1'>parsing: ban sprintf()</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2018-09-11 08:47:12 +0200'>2018-09-11</span></td><td><a href='/cgit-pink/commit/parsing.c?id=7cde5885d8ce53359ee665bb930b1da956e8369a&amp;follow=1'>parsing: ban strncpy()</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2018-08-28 14:37:19 +0200'>2018-08-28</span></td><td><a href='/cgit-pink/commit/filters/html-converters/md2html?id=b0fc647fe61c19338aec65ffcab513cc84599b18&amp;follow=1'>filters: generate anchor links from markdown</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2018-08-03 17:04:03 +0200'>2018-08-03</span></td><td><a href='/cgit-pink/commit/Makefile?id=824138e59194acaf5efe53690d4ef6eaf38e1549&amp;follow=1'>Bump version.</a></td><td>Jason A. Donenfeld</td></tr>
<tr><td><span title='2018-08-03 17:04:03 +0200'>2018-08-03</span></td><td><a href='/cgit-pink/commit/ui-clone.c?id=53efaf30b50f095cad8c160488c74bba3e3b2680&amp;follow=1'>clone: fix directory traversal</a></td><td>Jason A. Donenfeld</td></tr>
<tr><td><span title='2018-08-03 16:12:21 +0200'>2018-08-03</span></td><td><a href='/cgit-pink/commit/cgit.c?id=c679d9010451b986bae719a6abe0458af2b2dfb9&amp;follow=1'>config: record repo.snapshot-prefix in the per-repo config</a></td><td>Konstantin Ryabitsev
	Commit message (Expand)	Author
2019-06-25	ui-tree: allow per repository override for enable-blame	Christian Hesse
2019-06-05	tests: successfully validate rc versions	Christian Hesse
2019-06-05	git: update to v2.21.0	Christian Hesse
2019-06-05	ui-ssdiff: ban strncat()	Christian Hesse
2019-06-05	global: make 'char *path' const where possible	Christian Hesse
2019-05-20	ui-shared: restrict to 15 levels	Jason A. Donenfeld
2019-02-23	ui-diff,ui-tag: don't use htmlf with non-formatted strings	Chris Mayo
2019-02-23	ui-ssdiff: resolve HTML5 validation errors	Chris Mayo
2019-01-03	filters: migrate from luacrypto to luaossl	Jason A. Donenfeld
2019-01-02	ui-shared: fix broken sizeof in title setting and rewrite	Jason A. Donenfeld
2018-12-09	git: update to v2.20.0	Christian Hesse
2018-11-25	ui-blame: set repo for sb	Jason A. Donenfeld
2018-11-25	auth-filter: pass url with query string attached	Jason A. Donenfeld
2018-11-21	git: use xz compressed archive for download	Christian Hesse
2018-10-12	git: update to v2.19.1	Christian Hesse
2018-09-11	ui-ssdiff: ban strcat()	Christian Hesse
2018-09-11	ui-ssdiff: ban strncpy()	Christian Hesse
2018-09-11	ui-shared: ban strcat()	Christian Hesse
2018-09-11	ui-patch: ban sprintf()	Christian Hesse
2018-09-11	ui-log: ban strncpy()	Christian Hesse
2018-09-11	ui-log: ban strcpy()	Christian Hesse
2018-09-11	parsing: ban sprintf()	Christian Hesse
2018-09-11	parsing: ban strncpy()	Christian Hesse
2018-08-28	filters: generate anchor links from markdown	Christian Hesse
2018-08-03	Bump version.	Jason A. Donenfeld
2018-08-03	clone: fix directory traversal	Jason A. Donenfeld
2018-08-03	config: record repo.snapshot-prefix in the per-repo config	Konstantin Ryabitsev