From bd2590437161bff2a07f1d9d6b228a393c2c466e Mon Sep 17 00:00:00 2001
From: "Scott E. Graves" <scott.e.graves@protonmail.com>
Date: Mon, 21 Oct 2024 08:30:26 -0500
Subject: [PATCH] fix

---
 .../src/drives/fuse/fuse_drive.cpp            | 36 +++++++++++--------
 1 file changed, 22 insertions(+), 14 deletions(-)

diff --git a/repertory/librepertory/src/drives/fuse/fuse_drive.cpp b/repertory/librepertory/src/drives/fuse/fuse_drive.cpp
index ab9e7955..786556b6 100644
--- a/repertory/librepertory/src/drives/fuse/fuse_drive.cpp
+++ b/repertory/librepertory/src/drives/fuse/fuse_drive.cpp
@@ -79,23 +79,31 @@ auto fuse_drive::chown_impl(std::string api_path, uid_t uid, gid_t gid,
 auto fuse_drive::chown_impl(std::string api_path, uid_t uid, gid_t gid)
     -> api_error {
 #endif
-  return check_and_perform(api_path, X_OK,
-                           [&](api_meta_map &meta) -> api_error {
-                             meta.clear();
-                             if (uid != static_cast<uid_t>(-1)) {
-                               meta[META_UID] = std::to_string(uid);
-                             }
+  return check_and_perform(
+      api_path, X_OK, [&](api_meta_map &meta) -> api_error {
+        meta.clear();
+        if (uid != static_cast<uid_t>(-1)) {
+          if (get_effective_uid() != 0) {
+            return api_error::permission_denied;
+          }
+          meta[META_UID] = std::to_string(uid);
+        }
 
-                             if (gid != static_cast<gid_t>(-1)) {
-                               meta[META_GID] = std::to_string(gid);
-                             }
+        if (gid != static_cast<gid_t>(-1)) {
+          if (get_effective_uid() != 0) {
+            if (not utils::is_uid_member_of_group(get_effective_uid(), gid)) {
+              return api_error::permission_denied;
+            }
+          }
+          meta[META_GID] = std::to_string(gid);
+        }
 
-                             if (not meta.empty()) {
-                               return provider_.set_item_meta(api_path, meta);
-                             }
+        if (not meta.empty()) {
+          return provider_.set_item_meta(api_path, meta);
+        }
 
-                             return api_error::success;
-                           });
+        return api_error::success;
+      });
 }
 
 auto fuse_drive::create_impl(std::string api_path, mode_t mode,