On Tue, Dec 26, 2023 at 07:17:51PM +0100, Daniel Sahlberg wrote: > Hi, > > apr_uid_current() can retur the user id and primary group id of a user. Is > there a way to find out if a user also has secondary groups (something > similar to getgrouplist(3)? > > The Subversion project has some bug reports where a user has R/W access to > a certain file via a secondary group, but APR doesn't pick up the secondary > groups and thus we don't think the user has R/W access. I'd like to improve > this by also considering all secondary groups.
How are you testing for readability/writability here exactly? On Unix the right way is using access() but there isn't an APR wrapper for it. (Trying to manually check against user/groups is not a reliable way to test, not just because of groups but also because of things like setuid processes and RBAC systems which may exist on top of the user/groups.) Regards, Joe