https://github.com/python/cpython/commit/7d2ecdf4e9325e8c6522536a18fda2a715c74404 commit: 7d2ecdf4e9325e8c6522536a18fda2a715c74404 branch: 3.11 author: Miss Islington (bot) <[email protected]> committer: pablogsal <[email protected]> date: 2026-04-05T18:41:08Z summary:
[3.11] gh-94632: document the subprocess need for extra_groups=() with user= (GH-148129) (#148133) gh-94632: document the subprocess need for extra_groups=() with user= (GH-148129) (cherry picked from commit a1cf4430ed89ec702528ef074138c407ccf89946) Co-authored-by: Gregory P. Smith <[email protected]> files: M Doc/library/subprocess.rst diff --git a/Doc/library/subprocess.rst b/Doc/library/subprocess.rst index c0ae9e5d7aae68..5afc0dc556dfea 100644 --- a/Doc/library/subprocess.rst +++ b/Doc/library/subprocess.rst @@ -632,6 +632,12 @@ functions. the value in ``pw_uid`` will be used. If the value is an integer, it will be passed verbatim. (POSIX only) + .. note:: + + Specifying *user* will not drop existing supplementary group memberships! + The caller must also pass ``extra_groups=()`` to reduce the group membership + of the child process for security purposes. + .. availability:: POSIX .. versionadded:: 3.9 _______________________________________________ Python-checkins mailing list -- [email protected] To unsubscribe send an email to [email protected] https://mail.python.org/mailman3//lists/python-checkins.python.org Member address: [email protected]
