Re: chpst -u and supplementary groups

From: Jan Braun <janbraun_at_gmx.de>
Date: Tue, 20 Aug 2019 12:04:33 +0200

Jonathan de Boyne Pollard wrote:
> > My inability to see the issue came from the fact that all other similar
> > programs (I'm aware of) do in fact add the supplementary groups.
> >
> Then you are not aware of Bernstein daemontools, where setuidgid does not.
> (-:

Well, I am aware of their existence, but I've never used them, only
various descendants. I even suspected they might not handle
supplementary groups, because e.g. s6-envuidgid introduces GIDLIST to
deal with them.

> Setting only one group was the behaviour of the original tool. Setting the
> supplementary groups as well is behaviour that others added to their
> toolsets later. Bruce Guenter (in daemontools-encore) and I added it as an
> optional behaviour for setuidgid.

Yes. Apparently everyone re-implementing daemontools does something like
this. So that brings me back to my original question: is there consensus
that the historical behaviour is a bug? Or are there valid use cases¹?

cheers,
    Jan

¹) Besides when the account has no supplementary groups, obviously.




Received on Tue Aug 20 2019 - 10:04:33 UTC
