+/* Drops privileges (if configured to do so). */
+static void switch_user(void)
+{
+ struct passwd *pwd;
+ struct group *grp = NULL;
+ const char *username, *groupname;
+ gid_t gid;
+
+ username = getStrConf(USERNAME);
+ groupname = getStrConf(GROUPNAME);
+
+ if (!*username) {
+ /* It's an error to specify groupname
+ * but leave username empty.
+ */
+ if (*groupname)
+ Log_fatal("username missing");
+
+ /* Nothing to do. */
+ return;
+ }
+
+ pwd = getpwnam(username);
+ if (!pwd)
+ Log_fatal("Unknown user '%s'", username);
+
+ if (!*groupname)
+ gid = pwd->pw_gid;
+ else {
+ grp = getgrnam(groupname);
+
+ if (!grp)
+ Log_fatal("Unknown group '%s'", groupname);
+
+ gid = grp->gr_gid;
+ }
+
+ if (initgroups(pwd->pw_name, gid))
+ Log_fatal("initgroups() failed: %s", strerror(errno));
+
+ if (setgid(gid))
+ Log_fatal("setgid() failed: %s", strerror(errno));
+
+ if (setuid(pwd->pw_uid))
+ Log_fatal("setuid() failed: %s", strerror(errno));
+
+ if (!grp)
+ grp = getgrgid(gid);
+ if (!grp)
+ Log_fatal("getgrgid() failed: %s", strerror(errno));
+
+ Log_info("Switch to user '%s' group '%s'", pwd->pw_name, grp->gr_name);
+}
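Review bot: Nothing after the `setuid(pwd->pw_uid)` call confirms that the privilege drop is permanent, so on a system or launch context where `setuid()` does not also reset the saved set-user-ID the daemon would keep a path back to root without anyone noticing. A check placed right after the existing `setuid()` test, such as `if (pwd->pw_uid != 0 && setuid(0) == 0) Log_fatal("privilege drop is reversible");`, would close that gap; this is the pattern CERT C rule POS37-C describes. Separately, the `getgrgid(gid)` lookup at the end exists only to fill in the log line, yet its failure is fatal and is reported through `strerror(errno)`. `getgrgid()` may leave `errno` unchanged when the gid simply has no group entry, so the message can be stale or misleading. Logging the numeric gid in that case would avoid aborting a process that has already dropped privileges successfully.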