diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.fixexecgid ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c --- ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.fixexecgid 2011-07-25 16:38:48.040555555 +0200 +++ ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c 2011-07-25 16:52:22.751025667 +0200 @@ -33,6 +33,7 @@ #include #include #include +#include #include #include #include @@ -303,6 +304,22 @@ static int private_dir(pam_handle_t *pam return 1; } if (pid == 0) { + /* explicitely change group to ecryptfs if user is member of that group, changing uid is not enough */ + gid_t *groups; + int grn = 0; + + getgrouplist(pwd->pw_name,pwd->pw_gid,NULL,&grn); + groups = malloc(sizeof(gid_t)*grn); + if (groups == NULL) { + syslog(LOG_ERR, "Error allocating memory for group list"); + _exit(255); + } + getgrouplist(pwd->pw_name, pwd->pw_gid, groups, &grn); + if (setgroups(grn, groups) < 0) { + syslog(LOG_ERR, "Unable to set user's supplementary groups : %m"); + _exit(255); + } + if (mount == 1) { if ((asprintf(&recorded, "%s/.ecryptfs/.wrapped-passphrase.recorded",