Steve Langasek writes ("Re: Bug#732127: Does setuid also set the group(s) ? It should."):
> Control: found -1 1.10-2
> Control: notfound -1 1.20-1
> Control: tags -1 confirmed
>
> On Sat, Dec 14, 2013 at 01:18:39PM +0000, Ian Jackson wrote:
> > The documentation in init(5) doesn't mention whether specifying setgid
> > in the job file also results in appropriate calls to setgid and
> > setgroups.
>
> > Firstly, clearly this should be documented.
>
> Agreed that this is underdocumented.
>
> The current behavior (as of upstart 1.7) is to call initgroups(), and to set
> the primary group to either the value of setgid if specified, or the primary
> group of the setuid user if not.

I think that's a perfectly tolerable behaviour.

> > If the user specifies setgid _and_ setuid, it's arguable whether you
> > should also call initgroups. I would say not - not being a member of
> > groups is generally less powerful.
>
> I think it would be better to extend the config syntax with an additional
> 'groups' option for maximum flexibility.

That wouldn't hurt.

> If you want to see this change made, it would be best if you could engage
> directly with the upstream mailing list (upstart-de...@lists.ubuntu.com) to
> sort out the exact semantics.

TBH I'd be happy just to see the existing behaviour documented.

Ian.
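
The group handling described in the thread (initgroups(), with the primary group taken from setgid if given and otherwise from the setuid user's passwd entry), written out as a privilege drop in C. This is an added example, not upstart's code and not part of the original messages; the function names `resolve_primary_gid` and `drop_to_user` and the post-drop verification are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE          /* for initgroups() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: pick the primary group as the thread describes:
 * the named setgid group if given, else the setuid user's own group.
 * Returns 0 on success, -1 if the group name does not resolve. */
int resolve_primary_gid(const struct passwd *pw, const char *setgid_name,
                        gid_t *out)
{
    if (setgid_name == NULL) {
        *out = pw->pw_gid;
        return 0;
    }
    struct group *gr = getgrnam(setgid_name);
    if (gr == NULL)
        return -1;
    *out = gr->gr_gid;
    return 0;
}

/* Hypothetical helper: drop from root to setuid_name. Order matters:
 * supplementary groups and gid must change while still root, uid last. */
int drop_to_user(const char *setuid_name, const char *setgid_name)
{
    struct passwd *pw = getpwnam(setuid_name);
    gid_t gid;

    if (pw == NULL || resolve_primary_gid(pw, setgid_name, &gid) != 0)
        return -1;
    uid_t uid = pw->pw_uid;      /* copy: pw points at static storage */
    if (initgroups(setuid_name, gid) != 0)  /* user's groups plus gid */
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the drop took effect and cannot be undone. */
    if (getuid() != uid || geteuid() != uid || getgid() != gid ||
        getegid() != gid || (uid != 0 && setuid(0) == 0))
        return -1;
    return 0;
}
```

A caller should treat any -1 as fatal and exit rather than continue running with the original credentials.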