Jonathan de Boyne Pollard schrob:
> > My inability to see the issue came from the fact that all other similar
> > programs (I'm aware of) do in fact add the supplementary groups.
> > 
> Then you are not aware of Bernstein daemontools, where setuidgid does not.
> (-:

Well, I am aware of their existance, but I've never used them, only
various descendants. I even suspected they might not handle
supplementary groups, because e.g. s6-envuidgid introduces GIDLIST to
deal with them.

> Setting only one group was the behaviour of the original tool. Setting the
> supplementary groups as well is behaviour that others added to their
> toolsets later.  Bruce Guenter (in daemontools-encore) and I added it as an
> optional behaviour for setuidgid.

Yes. Apparently everyone re-implementing daemontools does something like
this. So that brings me back to my original question: is there consensus
that the historical behaviour is a bug? Or are there valid use cases¹?

cheers,
    Jan

¹) Besides when the account has no supplementary groups, obviously.