On Tue, 9 Mar 2021 at 15:43, Kazuo Kuroi <ka...@irixnet.org> wrote: > That's a good suggestion. but I suggest that if your code can't run on > UNIX platforms that it would need an include guard against it.
I completely understand your concern. I would hope that the changes would be system-agnostic: the idea would merely be that if the setgroups (or indeed setuid) call fails, it checks if the current running user is the same as the login user and ignores the failure if so. It could be simplified further by just skipping all the setuid and setgroup code if the login user is the same as the running user, but I'm not sure if that would always be acceptable (there may be some systems where the group calls need to be made even if the users are the same?) so I thought it would be best to add the check after failure. Geoff