Hopefully the last change to the setuid code. Only call initgroups()

if getuid() == 0.  Don't call ns_os_changeuser() more than once (it
could happen on Linux).

The code in its current form doesn't check for root before calling
setgid() or setuid(), since they'll fail and print reasonable error
messages (unless -u is supplied with the non-root user that ran named,
in which case it would succeed).  The call to initgroups() would fail for
non root, so it shouldn't be tried.

The previous (as of a few days ago) code just ignored the -u parameter
when named was run as non-root.  This was not good.

bin/named/unix/os.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: os.c,v 1.24 2000/07/07 22:10:54 bwelling Exp $ */
+/* $Id: os.c,v 1.25 2000/07/07 23:53:35 bwelling Exp $ */
 
 #include <config.h>
 
@@ -44,6 +44,7 @@ static isc_boolean_t non_root = ISC_FALSE;
 #endif
 
 static struct passwd *runas_pw = NULL;
+static isc_boolean_t done_setuid = ISC_FALSE;
 
 #ifdef HAVE_LINUX_CAPABILITY_H
 
@@ -263,7 +264,7 @@ ns_os_chroot(const char *root) {
 
 void
 ns_os_inituserinfo(const char *username) {
-	if (username == NULL || getuid() != 0)
+	if (username == NULL)
 		return;
 
 	if (all_digits(username))
@@ -278,17 +279,21 @@ ns_os_inituserinfo(const char *username) {
 
 void
 ns_os_changeuser(void) {
-	if (runas_pw == NULL)
+	if (runas_pw == NULL || done_setuid)
 		return;
 
+	done_setuid = ISC_TRUE;
+
 #ifdef HAVE_LINUXTHREADS
 	if (!non_root_caps)
 		ns_main_earlyfatal(
 		   "-u not supported on Linux kernels older than 2.3.99-pre3");
 #endif	
 
-	if (initgroups(runas_pw->pw_name, runas_pw->pw_gid) < 0)
-		ns_main_earlyfatal("initgroups(): %s", strerror(errno));
+	if (getuid() == 0) {
+		if (initgroups(runas_pw->pw_name, runas_pw->pw_gid) < 0)
+			ns_main_earlyfatal("initgroups(): %s", strerror(errno));
+	}
 
 	if (setgid(runas_pw->pw_gid) < 0)
 		ns_main_earlyfatal("setgid(): %s", strerror(errno));