From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.comp.sysutils.supervision.general/2661 Path: news.gmane.org!.POSTED.blaine.gmane.org!not-for-mail From: Jonathan de Boyne Pollard Newsgroups: gmane.comp.sysutils.supervision.general Subject: Re: chpst -u and supplementary groups Date: Tue, 20 Aug 2019 08:25:15 +0100 Message-ID: <1222e286-60ed-4790-7aa9-6c4f78c52cd0@NTLWorld.COM> References: <20190819120807.v4f2xe2mwjky3p2p@klumpi.ignorelist.com> Mime-Version: 1.0 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit Injection-Info: blaine.gmane.org; posting-host="blaine.gmane.org:195.159.176.226"; logging-data="152614"; mail-complaints-to="usenet@blaine.gmane.org" User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:45.0) Gecko/20100101 Thunderbird/45.1.1 To: supervision@list.skarnet.org Original-X-From: supervision-return-2251-gcsg-supervision=m.gmane.org@list.skarnet.org Tue Aug 20 09:25:19 2019 Return-path: Envelope-to: gcsg-supervision@m.gmane.org Original-Received: from alyss.skarnet.org ([95.142.172.232]) by blaine.gmane.org with smtp (Exim 4.89) (envelope-from ) id 1hzyW6-000dak-Oq for gcsg-supervision@m.gmane.org; Tue, 20 Aug 2019 09:25:18 +0200 Original-Received: (qmail 12400 invoked by uid 89); 20 Aug 2019 07:25:43 -0000 Mailing-List: contact supervision-help@list.skarnet.org; run by ezmlm Original-Sender: Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Original-Received: (qmail 12393 invoked from network); 20 Aug 2019 07:25:43 -0000 X-Originating-IP: [86.10.101.211] X-Authenticated-User: J.deBoynePollard-newsgroups@NTLWorld.COM X-Spam: 0 X-Authority: v=2.3 cv=dLqIZtRb c=1 sm=1 tr=0 a=FQ5CjUvp3JFI4KFGyeqcZw==:117 a=FQ5CjUvp3JFI4KFGyeqcZw==:17 a=jpOVt7BSZ2e4Z31A5e1TngXxSK0=:19 a=N659UExz7-8A:10 a=rg2V61WcAAAA:8 a=CMQ_oNYfAAAA:8 a=QOXfjolN5623amJ4El4A:9 a=fRKtmrlKwKo-pXH1:21 a=DPbwMCcQeIFxTDZG:21 a=pILNOxqGKmIA:10 a=YNrrzoqfyewA:10 a=h2Zpg1Gm_F5nnxfnuFwt:22 a=91SG0tC5QKwpUHKn1HxV:22 a=pHzHmUro8NiASowvMSCR:22 a=Ew2E2A-JSTLzCXPT_086:22 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ntlworld.com; s=meg.feb2017; t=1566285915; bh=FC+5rzqcO1O2Fjlq8EF6CXyXvR/JGnN7RXttvAqR5DU=; h=Subject:To:References:From:Date:In-Reply-To; b=2YjAq7ZAA588kyBMgZ8/uw6Sz8U1hw2EUmONpdxdCrVG9T73aS7lyXll8vsdQwPSB SVN0YasGuPITEsxzhytJlgCUVIeWWdTRoJdamp+J3LTLOUbC3vLQXv/KlLeCnhgAcp GlttHOdCs9iHSGk90Pw6IZ6yhdlBF7lRJXU5mw42CuVIcx1loUA1Xzb4WQ70zDSDDF grr2OAtgrQVsBFJ8Q7GLGVnHv5L1fYBd7LKvZ3hgsHSv8reT2BmqYHNCjFZMat69Y3 2bJCrVPJD2CyMjKVe1gThQ2aTqd58hrirOb955LU+EUugvmFtJRACy4Zx1RIaqOdPW v7XNec3BaEoFw== In-Reply-To: <20190819120807.v4f2xe2mwjky3p2p@klumpi.ignorelist.com> X-CMAE-Envelope: MS4wfLUZq6B2t/vyBSoUlIQH9e6aavy0SiO5KCNUCxGbhizILXuoPf4p+GnfCOWKDV/QnUix+FL36IPjnVHY+DSQRHxqKsO+ORc2klmk5rprsE6MUMQsPPI2 DFykHeV3QoD46zKn1t+JBfbYTNq1AAstHUDobCzY5J9EJr0O5N0M3zCxYo0bCjB9ncvmz+sqGyPvFF8TIhvliQ4SJNNi7tabhBWTIuV0Uia10h+JboYBxlec Xref: news.gmane.org gmane.comp.sysutils.supervision.general:2661 Archived-At: > My inability to see the issue came from the fact that all other > similar programs (I'm aware of) do in fact add the supplementary groups. > Then you are not aware of Bernstein daemontools, where setuidgid does not. (-: # /package/admin/djbwares/command/setuidgid operator id uid=2(operator) gid=5(operator) groups=5(operator) # * http://jdebp.uk./Softwares/djbwares/guide/commands/setuidgid.xml Setting only one group was the behaviour of the original tool. Setting the supplementary groups as well is behaviour that others added to their toolsets later. Bruce Guenter (in daemontools-encore) and I added it as an optional behaviour for setuidgid. # /package/admin/nosh/command/setuidgid operator id uid=2(operator) gid=5(operator) groups=5(operator) # /package/admin/nosh/command/setuidgid --supplementary operator id uid=2(operator) gid=5(operator) groups=5(operator),1298(log) # * http://jdebp.uk./Softwares/nosh/guide/commands/setuidgid.xml * http://untroubled.org/daemontools-encore/setuidgid.8.html