From 6969ebcfcfa9382ce2a845e1b462d26de12c0c36 Mon Sep 17 00:00:00 2001
From: Wayne Davison <wayned@samba.org>
Date: Wed, 20 Aug 2003 23:25:52 +0000
Subject: [PATCH] Call setgroups(1, &gid) after setting the gid (rather than
 calling setgroups(0, NULL) before).

---
 clientserver.c | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/clientserver.c b/clientserver.c
index f0bb5d4f..7f85432d 100644
--- a/clientserver.c
+++ b/clientserver.c
@@ -344,16 +344,6 @@ static int rsync_module(int f_in, int f_out, int i)
 	}
 
 	if (am_root) {
-#ifdef HAVE_SETGROUPS
-		/* Get rid of any supplementary groups this process
-		 * might have inheristed. */
-		if (setgroups(0, NULL)) {
-			rsyserr(FERROR, errno, "setgroups failed");
-			io_printf(f_out, "@ERROR: setgroups failed\n");
-			return -1;
-		}
-#endif
-
 		/* XXXX: You could argue that if the daemon is started
 		 * by a non-root user and they explicitly specify a
 		 * gid, then we should try to change to that gid --
@@ -369,6 +359,15 @@ static int rsync_module(int f_in, int f_out, int i)
 			io_printf(f_out, "@ERROR: setgid failed\n");
 			return -1;
 		}
+#ifdef HAVE_SETGROUPS
+		/* Get rid of any supplementary groups this process
+		 * might have inheristed. */
+		if (setgroups(1, &gid)) {
+			rsyserr(FERROR, errno, "setgroups failed");
+			io_printf(f_out, "@ERROR: setgroups failed\n");
+			return -1;
+		}
+#endif
 
 		if (setuid(uid)) {
 			rsyserr(FERROR, errno, "setuid %d failed", (int) uid);
-- 
2.34.1