[Bug 3253] start-stop-daemon --chuid does not set supplemental groups
bugzilla at busybox.net
Thu Sep 15 11:31:47 UTC 2011
https://bugs.busybox.net/show_bug.cgi?id=3253
--- Comment #2 from Andreas Pretzsch <apr at cn-eng.de> ---
(In reply to comment #1)
> I don't have Debian machine to test it, so I need your input.
>
> Do you mean that this is wrong?
>
> # busybox start-stop-daemon -S -x id
> uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys)
>
> # busybox start-stop-daemon -S -c 0:111 -x id
> uid=0(root) gid=111 groups=0(root),1(bin),2(daemon),3(sys)
> ^^^groups should be reset to 111 too!^^^^
>
>
> Correct?
Not reset, but set up according to groups file. Plus the specified as gid.
See initgroups(3) for reference.

Suppose you've got such a setup:

/etc/passwd
appuser:x:500:500::/home/appuser:/bin/false

/etc/group
dialout:x:106:appuser,otheruser
somegroup:x:111:irrelevantuser
audio:x:114:appuser,anotheruser
appgroup:x:500:

Starting something as "appuser" has to set up his additional groups (106,114),
too. And as gid the one you gave as group argument to -c.

With the patch, the outcome will be (taken and adapted from live system)

# busybox start-stop-daemon -S -c 500:111 -x /usr/bin/id
uid=500(appgroup) gid=111(somegroup) groups=106(dialout),114(audio)

Without, groups would be empty (iirc, but would make sense), making
start-stop-daemon partly useless for finer-grained group setups.

BTW, patch works without problems for months in a live system, albeit comments
still apply.
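The group list that initgroups(3) is expected to select for the setup in the comment above, as an added example that is not part of the original comment or of the BusyBox patch. `expected_groups`, `is_member` and `SAMPLE_GROUP` are hypothetical names, the group data is constructed from the comment's /etc/group, and, as initgroups(3) documents, the gid passed in is added to the list as well.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
/* Constructed sample (name:passwd:gid:members), from the comment above. */
static const char SAMPLE_GROUP[] =
    "dialout:x:106:appuser,otheruser\n"
    "somegroup:x:111:irrelevantuser\n"
    "audio:x:114:appuser,anotheruser\n"
    "appgroup:x:500:\n";

/* Exact-name match in a comma-separated member list (no substring hits). */
static int is_member(const char *m, const char *end, const char *user)
{
    size_t ulen = strlen(user);
    for (; m < end; m += strcspn(m, ",\n") + 1)
        if (strcspn(m, ",\n") == ulen && memcmp(m, user, ulen) == 0) return 1;
    return 0;
}

/* Hypothetical helper: out[] gets gid first, then the gid (third field) of
 * every group listing user. Returns the count, or -1 if out[] is too small. */
int expected_groups(const char *grp, const char *user, gid_t gid, gid_t *out, int max)
{
    int n = 0;
    if (max < 1) return -1;
    out[n++] = gid;
    while (*grp) {
        const char *eol = grp + strcspn(grp, "\n"), *p = grp;
        char *num_end;
        for (int colons = 0; p < eol && colons < 2; ) colons += (*p++ == ':');
        if (p < eol && *p >= '0' && *p <= '9') {
            gid_t g = (gid_t)strtoul(p, &num_end, 10);
            if (*num_end == ':' && g != gid && is_member(num_end + 1, eol, user)) {
                if (n == max) return -1;
                out[n++] = g;
            }
        }
        grp = eol + (*eol == '\n');
    }
    return n;
}

int main(void)
{
    gid_t g[8];
    int n = expected_groups(SAMPLE_GROUP, "appuser", 111, g, 8);
    for (int i = 0; i < n; i++) printf("%lu\n", (unsigned long)g[i]);
    return 0;
}
```

Comparing this list with the `groups=` field that `id` prints under start-stop-daemon shows whether the supplementary groups were actually set for the -c user.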