[Bug 3253] start-stop-daemon --chuid does not set supplemental groups

bugzilla at busybox.net bugzilla at busybox.net
Thu Sep 15 11:31:47 UTC 2011


--- Comment #2 from Andreas Pretzsch <apr at cn-eng.de>  ---
(In reply to comment #1)
> I don't have Debian machine to test it, so I need your input.
> Do you mean that this is wrong?
> # busybox start-stop-daemon -S -x id
> uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys)
> # busybox start-stop-daemon -S -c 0:111 -x id
> uid=0(root) gid=111 groups=0(root),1(bin),2(daemon),3(sys)
>                     ^^^groups should be reset to 111 too!^^^^
> Correct?

Not reset, but setup according to groups file. Plus the specified as gid.
See initgroups(3) for reference.

Suppose you've got such a setup:

Starting something as "appuser" has to setup his additional groups (106,114),
too. And as gid the one you gave as group argument to -c.

With the patch, the outcome will be (taken and adapted from live system)
# busybox start-stop-daemon -S -c 500:111 -x /usr/bin/id
uid=500(appgroup) gid=111(somegroup) groups=106(dialout),114(audio)

Without, groups would be empty (iirc, but would make sense), making
start-stop-daemon partly useless for finer-grained group setups.

BTW, patch works without problems for months in a live system, albeit comments
still apply.

Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the busybox-cvs mailing list