Re: chpst -u and supplementary groups - Jonathan de Boyne Pollard

supervision - discussion about system services, daemon supervision, init, runlevel management, and tools such as s6 and runit
 help / color / mirror / Atom feed

From: Jonathan de Boyne Pollard <J.deBoynePollard-newsgroups@NTLWorld.COM>
To: supervision@list.skarnet.org
Subject: Re: chpst -u and supplementary groups
Date: Tue, 20 Aug 2019 08:25:15 +0100	[thread overview]
Message-ID: <1222e286-60ed-4790-7aa9-6c4f78c52cd0@NTLWorld.COM> (raw)
In-Reply-To: <20190819120807.v4f2xe2mwjky3p2p@klumpi.ignorelist.com>

> My inability to see the issue came from the fact that all other 
> similar programs (I'm aware of) do in fact add the supplementary groups.
>
Then you are not aware of Bernstein daemontools, where setuidgid does 
not.  (-:

# /package/admin/djbwares/command/setuidgid operator id
uid=2(operator) gid=5(operator) groups=5(operator)
#

* http://jdebp.uk./Softwares/djbwares/guide/commands/setuidgid.xml

Setting only one group was the behaviour of the original tool. Setting 
the supplementary groups as well is behaviour that others added to their 
toolsets later.  Bruce Guenter (in daemontools-encore) and I added it as 
an optional behaviour for setuidgid.

# /package/admin/nosh/command/setuidgid operator id
uid=2(operator) gid=5(operator) groups=5(operator)
# /package/admin/nosh/command/setuidgid --supplementary operator id
uid=2(operator) gid=5(operator) groups=5(operator),1298(log)
#

* http://jdebp.uk./Softwares/nosh/guide/commands/setuidgid.xml

* http://untroubled.org/daemontools-encore/setuidgid.8.html

next prev parent reply	other threads:[~2019-08-20  7:25 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-08-19 12:08 Jan Braun
2019-08-19 19:33 ` Steve Litt
2019-08-19 22:06 ` Bougy Man
2019-08-20  7:25 ` Jonathan de Boyne Pollard [this message]
2019-08-20 10:04   ` Jan Braun
2019-08-20 18:21     ` Laurent Bercot
2019-08-21  3:50       ` Jan Braun
2019-08-20 18:25 ` Cameron Nemo
2019-08-21  3:22   ` Jan Braun
2019-08-21 22:26     ` Steve Litt
2019-08-27 23:44 Jeff

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1222e286-60ed-4790-7aa9-6c4f78c52cd0@NTLWorld.COM \
    --to=j.deboynepollard-newsgroups@ntlworld.com \
    --cc=supervision@list.skarnet.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).