svn commit: r1803564 - /uima/uima-ducc/trunk/uima-ducc-spawn/src/ducc_ling.c

[bu...@apache.org]

Author: burn
Date: Mon Jul 31 19:59:23 2017
New Revision: 1803564

URL: http://svn.apache.org/viewvc?rev=1803564&view=rev
Log:
UIMA-5521 Don't try to switch ids unless the effective id is root

Modified:
    uima/uima-ducc/trunk/uima-ducc-spawn/src/ducc_ling.c

Modified: uima/uima-ducc/trunk/uima-ducc-spawn/src/ducc_ling.c
URL: http://svn.apache.org/viewvc/uima/uima-ducc/trunk/uima-ducc-spawn/src/ducc_ling.c?rev=1803564&r1=1803563&r2=1803564&view=diff
==============================================================================
--- uima/uima-ducc/trunk/uima-ducc-spawn/src/ducc_ling.c (original)
+++ uima/uima-ducc/trunk/uima-ducc-spawn/src/ducc_ling.c Mon Jul 31 19:59:23 2017
@@ -707,13 +707,17 @@ int main(int argc, char **argv, char **e
         pwd = getpwuid(getuid());
         log_stdout("800 Running instead as %s.\n", pwd->pw_name);
     } else {
-        // Invoked by the owning "ducc" id so will try to switch - but may not succeed
-        switch_ids = 1;
+        // Invoked by the owning "ducc" id so check if can switch, i.e. running as root
+        if (geteuid() == 0) {
+            switch_ids = 1;
+        }
     }
 
     //
-    //	fetch target user's passwd structure and try switch identities.
-    //  if not setuid the switch will fail but carry on anyway.
+    //  Fetch target user's passwd structure and switch identities.
+    //  Don't allow a switch to a fake or "system" id.
+    //  If not switching then the target uid may be real or fake. 
+    //  Fake ids are used when running on a simulated cluster.
     //
     if ( switch_ids ) {