Re-implement my fix from rev 1.6 (same rev for both files being committed)

that was lost during the lite-2 merge.  From the original commit message:

Initialize the group list so that any filter programs that are
run by lpd are not run with root's groups.

2 files changed, 20 insertions, 2 deletions

diff --git a/usr.sbin/lpr/lpd/printjob.c b/usr.sbin/lpr/lpd/printjob.c
index a3e3f28..a33289e 100644
--- a/usr.sbin/lpr/lpd/printjob.c
+++ b/usr.sbin/lpr/lpd/printjob.c
@@ -1317,6 +1317,7 @@ dofork(pp, action)
 	int action;
 {
 	register int i, pid;
+	struct passwd *pwd;
 
 	for (i = 0; i < 20; i++) {
 		if ((pid = fork()) < 0) {
@@ -1326,8 +1327,16 @@ dofork(pp, action)
 		/*
 		 * Child should run as daemon instead of root
 		 */
-		if (pid == 0)
+		if (pid == 0) {
+			if ((pwd = getpwuid(pp->daemon_user)) == NULL) {
+				syslog(LOG_ERR, "Can't lookup default daemon uid (%d) in password file",
+				    pp->daemon_user);
+				break;
+			}
+			initgroups(pwd->pw_name, pwd->pw_gid);
+			setgid(pwd->pw_gid);
 			setuid(pp->daemon_user);
+		}
 		return(pid);
 	}
 	syslog(LOG_ERR, "can't fork");
diff --git a/usr.sbin/lpr/runqueue/printjob.c b/usr.sbin/lpr/runqueue/printjob.c
index c5f7990..a1f3e23 100644
--- a/usr.sbin/lpr/runqueue/printjob.c
+++ b/usr.sbin/lpr/runqueue/printjob.c
@@ -1307,6 +1307,7 @@ dofork(pp, action)
 	int action;
 {
 	register int i, pid;
+	struct passwd *pwd;
 
 	for (i = 0; i < 20; i++) {
 		if ((pid = fork()) < 0) {
@@ -1316,8 +1317,16 @@ dofork(pp, action)
 		/*
 		 * Child should run as daemon instead of root
 		 */
-		if (pid == 0)
+		if (pid == 0) {
+			if ((pwd = getpwuid(pp->daemon_user)) == NULL) {
+				syslog(LOG_ERR, "Can't lookup default daemon uid (%d) in password file",
+				    pp->daemon_user);
+				break;
+			}
+			initgroups(pwd->pw_name, pwd->pw_gid);
+			setgid(pwd->pw_gid);
 			setuid(pp->daemon_user);
+		}
 		return(pid);
 	}
 	syslog(LOG_ERR, "can't fork");