diff -ur pure-ftpd-1.0.21/pure-config/pure-config.h pure-ftpd-1.0.21.new/pure-config/pure-config.h --- pure-ftpd-1.0.21/pure-config/pure-config.h 2005-06-18 12:39:55.000000000 +0200 +++ pure-ftpd-1.0.21.new/pure-config/pure-config.h 2009-02-03 15:00:10.358021471 +0100 @@ -82,6 +82,7 @@ { NULL, '\0', /* 'I' */ "MaxIdleTime", CFG_STR, (void*) &opt[I], 0 }, { NULL, '\0', /* 'k' */ "MaxDiskUsage", CFG_STR, (void*) &opt[I], 0 }, { NULL, '\0', /* 'a' */ "TrustedGID", CFG_STR, (void*) &opt[I], 0 }, +{ NULL, '\0', /* '2' */ "AdditionalGID", CFG_STR, (void*) &opt[I], 0 }, { NULL, '\0', /* 'c' */ "MaxClientsNumber", CFG_STR, (void*) &opt[I], 0 }, { NULL, '\0', /* 'C' */ "MaxClientsPerIP", CFG_STR, (void*) &opt[I], 0 }, { NULL, '\0', /* 'm' */ "MaxLoad", CFG_STR, (void*) &opt[I], 0 }, @@ -153,6 +154,7 @@ { "-I", "--maxidletime=" }, { "-k", "--maxdiskusage=" }, { "-a", "--trustedgid=" }, + { "-2", "--additionalgid=" }, { "-c", "--maxclientsnumber=" }, { "-C", "--maxclientsperip=" }, { "-m", "--maxload=" }, diff -ur pure-ftpd-1.0.21/src/ftpd.c pure-ftpd-1.0.21.new/src/ftpd.c --- pure-ftpd-1.0.21/src/ftpd.c 2009-02-03 15:37:58.538020766 +0100 +++ pure-ftpd-1.0.21.new/src/ftpd.c 2009-02-03 15:41:41.582021928 +0100 @@ -1104,7 +1104,10 @@ { #ifndef NON_ROOT_FTP # ifdef HAVE_SETGROUPS - if (setgroups(1U, &gid) != 0) { + gid_t gids[2]; + gids[0] = gid; + gids[1] = chroot_additionalgid; + if (setgroups(want_additionalgid ? 2L : 1L, gids) != 0) { return -1; } # else @@ -5078,6 +5081,19 @@ no_truncate = 1; break; } + case '2': { + const char *nptr; + char *endptr; + + nptr = optarg; + endptr = NULL; + chroot_additionalgid = strtoul(nptr, &endptr, 0); + if (!nptr || !*nptr || !endptr || *endptr) { + die(421, LOG_ERR, MSG_CONF_ERR ": " MSG_ILLEGAL_TRUSTED_GID " (XXX: additional): %s" , optarg); + } + want_additionalgid = 1; + break; + } case '4': { bypass_ipv6 = 1; break; diff -ur pure-ftpd-1.0.21/src/ftpd_p.h pure-ftpd-1.0.21.new/src/ftpd_p.h --- pure-ftpd-1.0.21/src/ftpd_p.h 2006-02-06 22:57:21.000000000 +0100 +++ pure-ftpd-1.0.21.new/src/ftpd_p.h 2009-02-03 15:35:47.946311240 +0100 @@ -60,7 +60,7 @@ }; static const char *GETOPT_OPTIONS = - "0146" + "012:46" #ifdef WITH_RFC2640 "8:9:" #endif @@ -112,6 +112,7 @@ static struct option long_options[] = { { "notruncate", 0, NULL, '0' }, { "logpid", 0, NULL, '1' }, + { "additionalgid", 1, NULL, '2' }, { "ipv4only", 0, NULL, '4' }, { "ipv6only", 0, NULL, '6' }, #ifdef WITH_RFC2640 diff -ur pure-ftpd-1.0.21/src/globals.h pure-ftpd-1.0.21.new/src/globals.h --- pure-ftpd-1.0.21/src/globals.h 2006-02-15 09:55:00.000000000 +0100 +++ pure-ftpd-1.0.21.new/src/globals.h 2009-02-03 15:13:13.234021509 +0100 @@ -37,6 +37,8 @@ GLOBAL0(signed char userchroot); /* don't chroot() by default for regular users */ GLOBAL0(signed char chrooted); /* if we already chroot()ed */ GLOBAL0(uid_t chroot_trustedgid); +GLOBAL(int want_additionalgid, 0); +GLOBAL0(gid_t chroot_additionalgid); GLOBAL0(signed char broken_client_compat); /* don't enable workarounds by default */ GLOBAL0(uid_t warez); /* don't guard against warez */ GLOBAL0(signed char debug); /* don't give debug output */ --- pure/configuration-file/pure-config.pl.in~ 2009-02-03 15:47:24.346020364 +0100 +++ pure/configuration-file/pure-config.pl.in 2009-02-03 15:48:34.678184463 +0100 @@ -64,6 +64,7 @@ my %numeric_switch_for = ( MaxIdleTime => "-I", MaxDiskUsage => "-k", + AdditionalGID => "-2", TrustedGID => "-a", MaxClientsNumber => "-c", MaxClientsPerIP => "-C",