Jonathan de Boyne Pollard schrob:
> > My inability to see the issue came from the fact that all other similar
> > programs (I'm aware of) do in fact add the supplementary groups.
> >
> Then you are not aware of Bernstein daemontools, where setuidgid does not.
> (-:
Well, I am aware of their existance, but I've never used them, only
various descendants. I even suspected they might not handle
supplementary groups, because e.g. s6-envuidgid introduces GIDLIST to
deal with them.
> Setting only one group was the behaviour of the original tool. Setting the
> supplementary groups as well is behaviour that others added to their
> toolsets later. Bruce Guenter (in daemontools-encore) and I added it as an
> optional behaviour for setuidgid.
Yes. Apparently everyone re-implementing daemontools does something like
this. So that brings me back to my original question: is there consensus
that the historical behaviour is a bug? Or are there valid use cases¹?
cheers,
Jan
¹) Besides when the account has no supplementary groups, obviously.
Received on Tue Aug 20 2019 - 10:04:33 UTC