On 06/25/2014 01:17 PM, Petr Stodůlka wrote:
> Hi,
>
> command 'id' prints wrong groups for the session. This is similar to reported
> bug #7320 [0],
> which was patched earlier for 'groups' and 'id -G', however just 'id' still
> prints wrong groups.
> I propose this patch based on previous solution:
> ----------------------------------------------------------------------
> diff --git a/src/id.c b/src/id.c
> index 3348f80..6cfe884 100644
> --- a/src/id.c
> +++ b/src/id.c
> @@ -399,8 +399,12 @@ print_full_info (const char *username)
> gid_t *groups;
> int i;
>
> - int n_groups = xgetgroups (username, (pwd ? pwd->pw_gid : -1),
> - &groups);
> + int n_groups;
> + if(username)
> + n_groups = xgetgroups (username, (pwd ? pwd->pw_gid : -1),
> + &groups);
> + else
> + n_groups = xgetgroups (username, egid, &groups);
> if (n_groups < 0)
> {
> if (username)
> --------------------------------------------------------------------
>
> [0] http://debbugs.gnu.org/cgi/bugreport.cgi?bug=7320
Logic looks correct.
The attached refactors slightly, and adds a test and NEWS.
I'll apply upon your ack.
thanks!
Pádraig.
>From 2fd678d1201dbb1c877aba139190b0ac1025964f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Stod=C5=AFlka?= <pstod...@redhat.com>
Date: Wed, 25 Jun 2014 18:26:23 +0100
Subject: [PATCH] id: output the effective group for the process
* src/id.c (print_full_info): When no user is specified,
output the effective group for the _process_, rather than
the default group from the system database, which may be different.
* tests/id/setgid.sh: Add a case for `id` as well as `id -G`.
* NEWS: Mention the bug fix.
Fixes http://bugs.gnu.org/7320
Reported at http://bugzilla.redhat.com/1016163
---
NEWS | 6 ++++++
src/id.c | 19 ++++++++++---------
tests/id/setgid.sh | 9 +++++++--
3 files changed, 23 insertions(+), 11 deletions(-)
diff --git a/NEWS b/NEWS
index 6532785..e5ea77c 100644
--- a/NEWS
+++ b/NEWS
@@ -67,6 +67,12 @@ GNU coreutils NEWS -*- outline -*-
now copies all input to stdout. Previously nothing was output in this case.
[bug introduced with the --lines=-N feature in coreutils-5.0.1]
+ id, when invoked with no user name argument, now prints the correct group ID.
+ Previously, in the default output format, it would print the default group ID
+ in the password database, which may be neither real nor effective. For e.g.,
+ when run set-GID, or when the database changes outside the current session.
+ [bug introduced in coreutils-8.1]
+
ln -sf now replaces symbolic links whose targets can't exist. Previously
it would display an error, requiring --no-dereference to avoid the issue.
[bug introduced in coreutils-5.3.0]
diff --git a/src/id.c b/src/id.c
index 3348f80..f46bb41 100644
--- a/src/id.c
+++ b/src/id.c
@@ -399,19 +399,20 @@ print_full_info (const char *username)
gid_t *groups;
int i;
- int n_groups = xgetgroups (username, (pwd ? pwd->pw_gid : -1),
- &groups);
+ gid_t primary_group;
+ if (username)
+ primary_group = pwd ? pwd->pw_gid : -1;
+ else
+ primary_group = egid;
+
+ int n_groups = xgetgroups (username, primary_group, &groups);
if (n_groups < 0)
{
if (username)
- {
- error (0, errno, _("failed to get groups for user %s"),
- quote (username));
- }
+ error (0, errno, _("failed to get groups for user %s"),
+ quote (username));
else
- {
- error (0, errno, _("failed to get groups for the current process"));
- }
+ error (0, errno, _("failed to get groups for the current process"));
ok = false;
return;
}
diff --git a/tests/id/setgid.sh b/tests/id/setgid.sh
index aa43ea3..a81b42c 100755
--- a/tests/id/setgid.sh
+++ b/tests/id/setgid.sh
@@ -1,5 +1,5 @@
#!/bin/sh
-# Verify that id -G prints the right group when run set-GID.
+# Verify that id [-G] prints the right group when run set-GID.
# Copyright (C) 2012-2014 Free Software Foundation, Inc.
@@ -27,9 +27,14 @@ gp1=$(expr $g + 1)
echo $gp1 > exp || framework_failure_
+# With coreutils-8.16 and earlier, id -G would print both: $gp1 $g
chroot --user=$NON_ROOT_USERNAME:$gp1 --groups='' / env PATH="$PATH" \
id -G > out || fail=1
compare exp out || fail=1
-# With coreutils-8.16 and earlier, id -G would print both: $gp1 $g
+
+# With coreutils-8.22 and earlier, id would erroneously print groups=$g
+chroot --user=$NON_ROOT_USERNAME:$gp1 --groups='' / env PATH="$PATH" \
+ id > out || fail=1
+grep -F "groups=$gp1" out || fail=1
Exit $fail
--
1.7.7.6
