diff -ru3 cups-2.0.0-old/scheduler/cups-exec.c cups-2.0.0/scheduler/cups-exec.c --- cups-2.0.0-old/scheduler/cups-exec.c 2014-11-04 19:55:05.734768315 +0300 +++ cups-2.0.0/scheduler/cups-exec.c 2014-11-04 20:24:15.936670878 +0300 @@ -25,6 +25,7 @@ #include #include #include +#include #include #ifdef HAVE_SANDBOX_H # include @@ -55,6 +56,7 @@ uid_t uid = getuid(); /* UID */ gid_t gid = getgid(); /* GID */ int niceval = 0; /* Nice value */ + struct passwd *pwd; /* User passwd entry */ #ifdef HAVE_SANDBOX_H char *sandbox_error = NULL; /* Sandbox error, if any */ #endif /* HAVE_SANDBOX_H */ @@ -135,7 +137,15 @@ if (setgid(gid)) exit(errno + 100); - if (setgroups(1, &gid)) + if (uid) + { + if ((pwd = getpwuid(uid)) == NULL) + exit(errno + 100); + + if (initgroups(pwd->pw_name, gid)) + exit(errno + 100); + } + else if (setgroups(1, &gid)) exit(errno + 100); if (uid && setuid(uid)) diff -ru3 cups-2.0.0-old/scheduler/process.c cups-2.0.0/scheduler/process.c --- cups-2.0.0-old/scheduler/process.c 2014-11-04 19:55:05.736768298 +0300 +++ cups-2.0.0/scheduler/process.c 2014-11-04 20:23:55.001850057 +0300 @@ -19,6 +19,7 @@ #include "cupsd.h" #include +#include #ifdef __APPLE__ # include #endif /* __APPLE__ */ @@ -462,6 +463,7 @@ cups_exec[1024]; /* Path to "cups-exec" program */ uid_t user; /* Command UID */ cupsd_proc_t *proc; /* New process record */ + struct passwd *pwd; /* User passwd entry */ #ifdef HAVE_POSIX_SPAWN posix_spawn_file_actions_t actions; /* Spawn file actions */ posix_spawnattr_t attrs; /* Spawn attributes */ @@ -716,13 +718,22 @@ nice(FilterNice); /* - * Reset group membership to just the main one we belong to. + * Reset group membership to the main one we belong to with its + * supplementary groups. */ if (!RunUser && setgid(Group)) exit(errno + 100); - if (!RunUser && setgroups(1, &Group)) + if (!RunUser && user) + { + if ((pwd = getpwuid(user)) == NULL) + exit(errno + 100); + + if (initgroups(pwd->pw_name, Group)) + exit(errno + 100); + } + else if (!RunUser && setgroups(1, &Group)) exit(errno + 100); /*