From: Jan Braun
Newsgroups: gmane.comp.sysutils.supervision.general
Subject: Re: chpst -u and supplementary groups
Date: Tue, 20 Aug 2019 12:04:33 +0200
Message-ID: <20190820100433.rlioufyvxodvwkpc@klumpi.ignorelist.com>
References: <20190819120807.v4f2xe2mwjky3p2p@klumpi.ignorelist.com> <1222e286-60ed-4790-7aa9-6c4f78c52cd0@NTLWorld.COM>
In-Reply-To: <1222e286-60ed-4790-7aa9-6c4f78c52cd0@NTLWorld.COM>
To: Jonathan de Boyne Pollard
Cc: supervision@list.skarnet.org

Jonathan de Boyne Pollard wrote:
> > My inability to see the issue came from the fact that all other similar
> > programs (I'm aware of) do in fact add the supplementary groups.
> >
> Then you are not aware of Bernstein daemontools, where setuidgid does not.
> (-:

Well, I am aware of their existence, but I've never used them, only
various descendants. I even suspected they might not handle
supplementary groups, because e.g. s6-envuidgid introduces GIDLIST to
deal with them.

> Setting only one group was the behaviour of the original tool. Setting the
> supplementary groups as well is behaviour that others added to their
> toolsets later. Bruce Guenter (in daemontools-encore) and I added it as an
> optional behaviour for setuidgid.

Yes. Apparently everyone re-implementing daemontools does something like
this. So that brings me back to my original question: is there consensus
that the historical behaviour is a bug? Or are there valid use cases¹?

cheers,
    Jan

¹) Besides when the account has no supplementary groups, obviously.
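
The two behaviours discussed in this message, as an added example that is not part of the original post and is not code from daemontools, runit or any of the toolsets named. It assumes Linux/glibc signatures for getgrouplist() and setgroups(); the names plan_groups, drop_to, PRIMARY_ONLY and WITH_SUPPLEMENTARY are hypothetical.

```c
#define _DEFAULT_SOURCE            /* for setgroups() and getgrouplist() */
#include <grp.h>
#include <pwd.h>
#include <sys/types.h>
#include <unistd.h>

enum { MAXG = 64 };
enum policy { PRIMARY_ONLY, WITH_SUPPLEMENTARY };   /* hypothetical names */

/* Group vector to install: the primary gid first, then (optionally) the
 * account's supplementary gids, skipping any gid already in the vector.
 * Returns the number of entries, or -1 if they do not fit in `cap`. */
int plan_groups(enum policy p, gid_t primary, const gid_t *supp, int nsupp,
                gid_t *out, int cap)
{
    int n = 0;
    if (cap < 1) return -1;
    out[n++] = primary;
    for (int i = 0; p == WITH_SUPPLEMENTARY && i < nsupp; i++) {
        int dup = 0;
        for (int j = 0; j < n; j++) dup |= (out[j] == supp[i]);
        if (dup) continue;
        if (n == cap) return -1;          /* refuse to truncate silently */
        out[n++] = supp[i];
    }
    return n;
}

/* Drop from root to `user`. Order matters: setgroups() and setgid() need
 * privilege, so they must run before setuid(). Returns 0 on success. */
int drop_to(const char *user, enum policy p)
{
    struct passwd *pw = getpwnam(user);
    gid_t db[MAXG], want[MAXG];
    int ndb = MAXG, n;

    if (!pw) return -1;
    if (getgrouplist(user, pw->pw_gid, db, &ndb) < 0) return -1;
    n = plan_groups(p, pw->pw_gid, db, ndb, want, MAXG);
    if (n < 0) return -1;
    if (setgroups((size_t)n, want) != 0) return -1;  /* replaces root's list */
    if (setgid(pw->pw_gid) != 0) return -1;
    if (setuid(pw->pw_uid) != 0) return -1;
    /* Verify the drop cannot be undone. */
    if (pw->pw_uid != 0 && setuid(0) == 0) return -1;
    return 0;
}
```

Under either policy the explicit setgroups() call replaces the list inherited from root, so the service never keeps root's supplementary groups; the policies differ only in whether the account's own extra groups are granted.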