On 12/30/2018 12:33 AM, Philip Guenther wrote:
On Sat, Dec 29, 2018 at 11:29 AM Ipsen S Ripsbusker <ip...@ripsbusker.no.eu.org> wrote:

Aside from compatibility, what is the purpose of primary groups,
compared to secondary groups?

Said otherwise, why do we have both primary and secondary groups
rather than only secondary groups?

Yet another phrasing: Why do I need to set a primary group?

Secondary groups can only be set, all at once, when running as root (e.g.,
login, sshd), while the primary group can be altered by setgid binaries and
then switched among using set*gid(2).

For filesystem objects like files and directories, the BSD behavior is for
the object to get its group from the directory in which it was created,
ignoring the groups of the process that created it.  On more SysV-like
systems the default is to take the primary group of the process that
created it.  However, for objects that exist in the kernel but not the
filesystem such as pipes, sockets, and SysV shared memory segments,
semaphores, and message queues, the common behavior is to take the primary
group of the process that created it.  This doesn't have much effect other
than fstat() for pipes and sockets, but for SysV stuff it affects what
operations processes can perform.


Philip Guenther


Is there also a difference when creating a file in a folder with set GID bit on that folder and owned by secondary group? I think in normal behavior, if folder allows a user to create a file (sec. group w/ 770 perm.) then the new file group will not take the group of the folder but will take the group of the user's primary group. But if you have set GID bit then the new file will take the group of the folder it's in (which will be one of the user's secondary groups).


I thought in OpenBSD there is also a flag to mount the filesystem to always do this regardless of set GID but I can't remember. I don't see it in the man page so maybe with all of this I'm really thinking of Linux but I can't remember.


V/r,

Bryan

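The question raised in this thread, whether a new file takes its group from the containing directory or from the creating process, can be checked empirically on a given system and mount. The following is an added example, not part of the original messages: the function names are hypothetical, and it assumes the process may chgrp a directory it owns to one of its own groups.

```python
import os
import stat
import tempfile

def pick_dir_group():
    """Prefer a supplementary group that differs from the effective gid."""
    egid = os.getegid()
    others = [g for g in os.getgroups() if g != egid]
    return others[0] if others else egid

def new_file_gid(setgid_dir, dir_gid=None):
    """Create a file in a fresh 0770 directory; return (dir_gid, file_gid)."""
    if dir_gid is None:
        dir_gid = pick_dir_group()
    with tempfile.TemporaryDirectory() as d:
        os.chown(d, -1, dir_gid)  # chgrp first: chown may clear the setgid bit
        os.chmod(d, 0o770 | (stat.S_ISGID if setgid_dir else 0))
        path = os.path.join(d, "probe")
        os.close(os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600))
        return os.stat(d).st_gid, os.stat(path).st_gid

def classify(dir_gid, file_gid, egid):
    """Say where the new file's group came from."""
    if dir_gid == egid:
        return "ambiguous"  # both sources give the same gid, cannot tell
    if file_gid == dir_gid:
        return "directory"
    if file_gid == egid:
        return "process"
    return "other"

if __name__ == "__main__":
    egid = os.getegid()
    for setgid_dir in (False, True):
        dir_gid, file_gid = new_file_gid(setgid_dir)
        print(f"setgid={setgid_dir} dir_gid={dir_gid} file_gid={file_gid} "
              f"egid={egid} -> {classify(dir_gid, file_gid, egid)}")
```

The result is "ambiguous" when the process has no supplementary group to assign to the directory, so run it as a user that belongs to at least two groups.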