Hi Jim,

Jim Meyering <j...@meyering.net> writes:

> The trouble is that this code appears to be doing incomplete
> "su" emulation, in that it does not set the supplementary groups.

Actually the intent of this snippet was to mimic Nix’ build process:

  https://svn.nixos.org/repos/nix/nix/trunk/src/libstore/build.cc

Specifically this part:

--8<---------------cut here---------------start------------->8---
  if (setgroups(0, 0) == -1)
      throw SysError("cannot clear the set of supplementary groups");

  if (setgid(buildUser.getGID()) == -1 ||
      getgid() != buildUser.getGID() ||
      getegid() != buildUser.getGID())
      throw SysError("setgid failed");

  if (setuid(buildUser.getUID()) == -1 ||
      getuid() != buildUser.getUID() ||
      geteuid() != buildUser.getUID())
      throw SysError("setuid failed");
--8<---------------cut here---------------end--------------->8---

I guess one way to fix it would be to have /etc/{passwd,group} match
this code.  I’ll see what can be done.

Thanks,
Ludo’.
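
Added example, not part of the original message and not Nix's code: a post-drop audit in C that re-checks the real and effective IDs the way the snippet above does, and also inspects the supplementary group list that the quoted remark is about. The helper name audit_credentials and the CRED_* flags are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Bit flags returned by audit_credentials(); 0 means everything matches. */
enum {
    CRED_BAD_UID    = 1 << 0,  /* real or effective UID differs from target */
    CRED_BAD_GID    = 1 << 1,  /* real or effective GID differs from target */
    CRED_EXTRA_GRPS = 1 << 2,  /* a supplementary group other than the target GID remains */
    CRED_QUERY_FAIL = 1 << 3   /* getgroups() or the allocation failed */
};

/* Hypothetical helper: compare the calling process's credentials with the
 * identity it is supposed to have after a privilege drop. */
int audit_credentials(uid_t uid, gid_t gid)
{
    int flags = 0;

    if (getuid() != uid || geteuid() != uid) flags |= CRED_BAD_UID;
    if (getgid() != gid || getegid() != gid) flags |= CRED_BAD_GID;

    int n = getgroups(0, NULL);            /* size query only */
    if (n < 0) return flags | CRED_QUERY_FAIL;
    if (n == 0) return flags;              /* list is empty, as after setgroups(0, 0) */

    gid_t *list = malloc((size_t)n * sizeof *list);
    if (list == NULL) return flags | CRED_QUERY_FAIL;
    n = getgroups(n, list);
    if (n < 0) flags |= CRED_QUERY_FAIL;
    /* getgroups() may or may not report the effective GID itself, so only
     * entries that differ from the target GID count as leftovers. */
    for (int i = 0; i < n; i++)
        if (list[i] != gid) flags |= CRED_EXTRA_GRPS;
    free(list);
    return flags;
}

int main(void)
{
    /* Constructed input: audit against the process's own current identity. */
    int flags = audit_credentials(getuid(), getgid());
    printf("audit flags: 0x%x\n", flags);
    return 0;
}
```

CRED_EXTRA_GRPS set after a drop means the process still carries group memberships inherited from its parent.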

