From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.comp.sysutils.supervision.general/848
Path: news.gmane.org!not-for-mail
From: Charles Duffy <cduffy@spamcop.net>
Newsgroups: gmane.comp.sysutils.supervision.general
Subject: chpst and secondary groups (runit-1.2.3)
Date: Mon, 15 Aug 2005 16:01:28 -0500
Message-ID: <pan.2005.08.15.21.01.28.953741@spamcop.net>
NNTP-Posting-Host: main.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: sea.gmane.org 1124140028 27865 80.91.229.2 (15 Aug 2005 21:07:08 GMT)
X-Complaints-To: usenet@sea.gmane.org
NNTP-Posting-Date: Mon, 15 Aug 2005 21:07:08 +0000 (UTC)
Original-X-From: supervision-return-1084-gcsg-supervision=m.gmane.org@list.skarnet.org Mon Aug 15 23:07:07 2005
Return-path: <supervision-return-1084-gcsg-supervision=m.gmane.org@list.skarnet.org>
Original-Received: from antah.skarnet.org ([212.85.147.14])
	by ciao.gmane.org with smtp (Exim 4.43)
	id 1E4mA5-0001Ri-3y
	for gcsg-supervision@gmane.org; Mon, 15 Aug 2005 23:06:25 +0200
Original-Received: (qmail 1036 invoked by uid 76); 15 Aug 2005 21:06:45 -0000
Mailing-List: contact supervision-help@list.skarnet.org; run by ezmlm
List-Post: <mailto:supervision@list.skarnet.org>
List-Help: <mailto:supervision-help@list.skarnet.org>
List-Unsubscribe: <mailto:supervision-unsubscribe@list.skarnet.org>
List-Subscribe: <mailto:supervision-subscribe@list.skarnet.org>
List-Archive: <http://www.skarnet.org/lists/>
Original-Received: (qmail 1030 invoked from network); 15 Aug 2005 21:06:45 -0000
X-Injected-Via-Gmane: http://gmane.org/
Original-To: supervision@list.skarnet.org
Original-Lines: 9
Original-X-Complaints-To: usenet@sea.gmane.org
X-Gmane-NNTP-Posting-Host: fwext1-ext.isgenesis.com
User-Agent: Pan/0.14.2.91 (As She Crawled Across the Table (Debian GNU/Linux))
Original-Sender: news <news@sea.gmane.org>
Xref: news.gmane.org gmane.comp.sysutils.supervision.general:848
X-Report-Spam: http://spam.gmane.org/gmane.comp.sysutils.supervision.general:848

I have a service which needs serial port access, meaning it needs access
to a secondary group (its primary one is set differently for Good Reasons).

Right now I'm using chpst (from runit) to set the uid and gid for this
process -- but chpst doesn't set secondary groups. This is, for obvious
reasons, problematic.

Any suggested workarounds? Using ACLs for the relevant permissions is
distinctly unpleasant.