[Bug 3253] start-stop-daemon --chuid does not set supplemental groups

bugzilla at busybox.net
Thu Sep 15 11:31:47 UTC 2011


https://bugs.busybox.net/show_bug.cgi?id=3253

--- Comment #2 from Andreas Pretzsch <apr at cn-eng.de>  ---
(In reply to comment #1)
> I don't have Debian machine to test it, so I need your input.
> 
> Do you mean that this is wrong?
> 
> # busybox start-stop-daemon -S -x id
> uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys)
> 
> # busybox start-stop-daemon -S -c 0:111 -x id
> uid=0(root) gid=111 groups=0(root),1(bin),2(daemon),3(sys)
>                     ^^^groups should be reset to 111 too!^^^^
> 
> 
> Correct?

Not reset, but set up according to the groups file. Plus the one specified as gid.
See initgroups(3) for reference.

Suppose you've got such a setup:
  /etc/passwd
    appuser:x:500:500::/home/appuser:/bin/false
  /etc/group
    dialout:x:106:appuser,otheruser
    somegroup:x:111:irrelevantuser
    audio:x:114:appuser,anotheruser
    appgroup:x:500:

Starting something as "appuser" has to set up his additional groups (106,114),
too. And as gid the one you gave as group argument to -c.

With the patch, the outcome will be (taken and adapted from live system)
# busybox start-stop-daemon -S -c 500:111 -x /usr/bin/id
uid=500(appgroup) gid=111(somegroup) groups=106(dialout),114(audio)

Without, groups would be empty (iirc, but would make sense), making
start-stop-daemon partly useless for finer-grained group setups.

BTW, the patch has worked without problems for months in a live system, albeit
comments still apply.

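
As an added illustration (not code from the patch or from BusyBox), this C sketch derives, from the /etc/group example in the comment above, the group list that initgroups(3) would install for appuser with gid 111: the given gid plus every group naming the user. SAMPLE_GROUP, is_member and build_group_list are hypothetical names; group lines are assumed to be shorter than 512 bytes, and the function returns the number of entries or -1 if out[] is too small.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed sample: the /etc/group entries quoted in the comment. */
static const char SAMPLE_GROUP[] =
    "dialout:x:106:appuser,otheruser\n"
    "somegroup:x:111:irrelevantuser\n"
    "audio:x:114:appuser,anotheruser\n"
    "appgroup:x:500:\n";

/* Hypothetical helper: exact match of user in a comma-separated list. */
static int is_member(const char *members, const char *user)
{
    size_t ulen = strlen(user);
    while (*members) {
        size_t n = strcspn(members, ",");
        if (n == ulen && memcmp(members, user, n) == 0) return 1;
        members += n;
        if (*members == ',') members++;
    }
    return 0;
}

/* Hypothetical helper: gid from -c first, then each group listing user. */
int build_group_list(const char *db, const char *user, long gid,
                     long *out, int max)
{
    int n = 0;
    if (max < 1) return -1;
    out[n++] = gid;
    while (*db) {
        char line[512], *end = NULL;
        size_t len = strcspn(db, "\n");
        if (len < sizeof line) {
            memcpy(line, db, len);
            line[len] = '\0';
            char *pw = strchr(line, ':');               /* name:passwd */
            char *gf = pw ? strchr(pw + 1, ':') : NULL; /* passwd:gid */
            char *mf = gf ? strchr(gf + 1, ':') : NULL; /* gid:members */
            long g = mf ? strtol(gf + 1, &end, 10) : -1;
            /* end must sit on the ':' after a non-empty numeric gid */
            if (mf && end == mf && end != gf + 1 && g != gid
                && is_member(mf + 1, user)) {
                if (n == max) return -1;
                out[n++] = g;
            }
        }
        db += len;
        if (*db == '\n') db++;
    }
    return n;
}
```

For appuser and gid 111 the function returns 111, 106 and 114, and a name that is only a substring of a listed member (such as "user") matches no group.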

