Hi, Jim Meyering <[email protected]> writes:
> Ludovic Courtès wrote: >> The latest build has all the output: >> http://hydra.nixos.org/build/171993/log/raw . > > Thanks for investigating. > >> Regarding ‘chgrp/basic’, the test finds groups='30000 65534'. However, >> 65534 corresponds to ‘nogroup’. (The build process runs under a special >> user, typically: >> >> $ id nixbld1 >> uid=30001(nixbld1) gid=65534(nogroup) groups=30000(nixbld),65534(nogroup) > > It looks like there is something different > about NixOS, since normally when a user U is a member > of a group G, and U runs "chown U:G file", that command succeeds. After some time investigating (with help from Lluís Battle), here’s a snippet to reproduce the problem: --8<---------------cut here---------------start------------->8--- #include <stdlib.h> #include <stdio.h> #include <assert.h> #include <unistd.h> #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> int main (int argc, char *argv[]) { int err; assert (setegid (30000) /* nixbld */ == 0); assert (seteuid (30001) /* nixbld1 */ == 0); assert (creat ("foo", O_RDWR) >= 0); err = chown ("foo", -1, 65534 /* nogroup */); if (err) perror ("chgrp"); return 0; } --8<---------------cut here---------------end--------------->8--- The problem is that egid == 30000. id(1) sees group 65534 from getpwuid(3) or similar. However, under ‘_POSIX_CHOWN_RESTRICTED’, the chown(2) call above fails with EPERM. QED. I’m not sure what should be done from there... Thanks, Ludo’.
pgpupMWDJZlXp.pgp
Description: PGP signature
