Re: utmps privilege

From: Laurent Bercot <>
Date: Sun, 25 Jun 2023 18:37:58 +0000

> What's happening is that utmps-utmpd only checks the value of the
>*primary* gid of the client. It does not check supplementary groups.
>I agree that it's counter-intuitive, and will see I can fix that.

  Unfortunately, no, that's not fixable. The credentials-passing
mechanism used by s6-ipcserverd (the superserver for utmps-utmpd) only
transmits the primary gid, not the supplementary groups; and I'm not
aware of another reasonably portable credentials-passing mechanism,
let alone that transmits supplementary groups - except the suid
mechanism, which, no.

  So you're going to have to keep setting your *primary* group to utmp
if you want to modify the utmp database as a regular user. Sorry.

Received on Sun Jun 25 2023 - 20:37:58 CEST

This archive was generated by hypermail 2.4.0 : Sun Jun 25 2023 - 20:38:28 CEST