Jonathan de Boyne Pollard schrob: > > My inability to see the issue came from the fact that all other similar > > programs (I'm aware of) do in fact add the supplementary groups. > > > Then you are not aware of Bernstein daemontools, where setuidgid does not. > (-:
Well, I am aware of their existance, but I've never used them, only
various descendants. I even suspected they might not handle
supplementary groups, because e.g. s6-envuidgid introduces GIDLIST to
deal with them.
> Setting only one group was the behaviour of the original tool. Setting the
> supplementary groups as well is behaviour that others added to their
> toolsets later. Bruce Guenter (in daemontools-encore) and I added it as an
> optional behaviour for setuidgid.
Yes. Apparently everyone re-implementing daemontools does something like
this. So that brings me back to my original question: is there consensus
that the historical behaviour is a bug? Or are there valid use cases¹?
cheers,
Jan
¹) Besides when the account has no supplementary groups, obviously.
signature.asc
Description: PGP signature
