[Bug 3253] start-stop-daemon --chuid does not set supplemental groups

bugzilla at busybox.net
Thu Sep 15 17:06:44 UTC 2011


https://bugs.busybox.net/show_bug.cgi?id=3253

--- Comment #6 from Andreas Pretzsch <apr at cn-eng.de>  ---
(In reply to comment #3)
> Did you confirm that standard Debian's start-stop-daemon does that?

Well, yes. More or less, minus a bug.
Just verified on latest Debian stable 6.0.2 (vanilla live image) and also on
current Debian testing (dpkg 1.16.0.3).

It'll set the supplemental groups as described in the man page, but only if the
username is given in cleartext, not when passed as a number.

user@debian:~$ dpkg -s dpkg | grep Version
Version: 1.15.8.11
user@debian:~$ grep "user" /etc/passwd
user:x:1000:1000:Debian Live user,,,:/home/user:/bin/bash
user@debian:~$ grep "user" /etc/group
cdrom:x:24:user
floppy:x:25:user
audio:x:29:user
dip:x:30:user
video:x:44:user
plugdev:x:46:user
users:x:100:
user:x:1000:
user@debian:~$ sudo -i
root@debian:~# start-stop-daemon -S -c user:dip -x /usr/bin/id
uid=1000(user) gid=30(dip)
groups=1000(user),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev)
root@debian:~# start-stop-daemon -S -c user:30 -x /usr/bin/id
uid=1000(user) gid=30(dip)
groups=1000(user),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev)
root@debian:~# start-stop-daemon -S -c 1000:dip -x /usr/bin/id
uid=1000(user) gid=30(dip) groups=1000(user),30(dip)
root@debian:~# start-stop-daemon -S -c 1000:30 -x /usr/bin/id
uid=1000(user) gid=30(dip) groups=1000(user),30(dip)
root@debian:~# 

Tracking it down in the source, the culprit is the call to initgroups().
It's defined as "int initgroups(const char *user, gid_t group)", but apparently
only works with cleartext usernames, not with a uid passed as text, which
is what happens in the latter two cases (-c 1000:whatever).
Unfortunately, initgroups() still returns 0 for success in this case...

So far, no bug report found in Debian BTS. Will file one later, as time
permits.


> Specifically, start-stop-daemon -c user1:1234 will still set user1's
> supplementary groups, and will add group 1234 to them?

Not exactly. It'll set 1234 as the main gid. And feed the remaining gids as
suppl. groups to the kernel (resp. the process context).


> I'm asking because it's not the only one sensible behavior. Clearly,
> 
> start-stop-daemon -c user1
> 
> should set uid to user1's uid, gid to user1's gid, and set his supplementary
> groups too. But
> 
> start-stop-daemon -c user1:1234
> 
> may be interpreted as "set uid to user1's uid, set gid to 1234, and DONT set
> user1's supplementary groups (because we explicitly say that group should be
> 1234, not the user1's usual one)!"

Good point, but no, they're always set, even with an explicitly specified
additional group the user is not in:

root@debian:~# start-stop-daemon -S -c user -x /usr/bin/id
uid=1000(user) gid=1000(user)
groups=1000(user),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev)
root@debian:~# start-stop-daemon -S -c user:dip -x /usr/bin/id
uid=1000(user) gid=30(dip)
groups=1000(user),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev)
root@debian:~# start-stop-daemon -S -c user:nogroup -x /usr/bin/id
uid=1000(user) gid=65534(nogroup)
groups=1000(user),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),65534(nogroup)
root@debian:~# start-stop-daemon -S -c user -g nogroup -x /usr/bin/id
uid=1000(user) gid=65534(nogroup)
groups=1000(user),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),65534(nogroup)
root@debian:~# start-stop-daemon -S -c user:dip -g nogroup -x /usr/bin/id
uid=1000(user) gid=65534(nogroup)
groups=1000(user),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),65534(nogroup)
root@debian:~# 


> To me, both interpretations make sense.

True. Looks like the latter one (no suppl. groups) is not possible, although
there may be a use for that.
N.B.: Not sure if this is possible at all, as the user is still listed in the
remaining groups (wrt /etc/group) and therefore might switch/add group
membership later on, depending on the various effective/saved uid/gid.
Honestly, I don't want to dig into this too deep right now...


> Therefore, the question is: what does standard Debian's start-stop-daemon do?

Adding the suppl. groups, as proposed.
As busybox will do with my patch. Of course minus the numerical-uid bug on the
Debian side, which is not present in busybox resp. my patch, as there the
textual name is used.

=> I'd suggest merging in my original patch, maybe after some proof-reading.

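As an added illustration (not code from the bug report, busybox or dpkg), the C snippet below shows the defensive counterpart of the observation in this comment: a numeric `-c` user is resolved to its passwd entry first, so initgroups() always receives a textual name and the silent "returns 0 but sets nothing" case cannot occur. The function names and the 256-byte user buffer are this example's own choices.

```c
#define _GNU_SOURCE
#include <ctype.h>
#include <grp.h>
#include <pwd.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Non-empty run of decimal digits, e.g. "1000"? */
int spec_is_numeric(const char *s)
{
    if (*s == '\0') return 0;
    for (; *s; s++) if (!isdigit((unsigned char)*s)) return 0;
    return 1;
}

/* Parse "user[:group]" as start-stop-daemon -c does, but resolve a numeric
 * user to its passwd entry so a textual name exists for initgroups().
 * Returns 0 on success, -1 if user or group is unknown. Strings in *pw point
 * into libc static storage (not thread-safe; hypothetical example code). */
int parse_user_group(const char *spec, struct passwd *pw, gid_t *gid)
{
    char user[256];
    const char *colon = strchr(spec, ':');
    size_t ulen = colon ? (size_t)(colon - spec) : strlen(spec);
    if (ulen == 0 || ulen >= sizeof user) return -1;
    memcpy(user, spec, ulen); user[ulen] = '\0';
    struct passwd *p = getpwnam(user);          /* textual name first */
    if (!p && spec_is_numeric(user))            /* then numeric uid   */
        p = getpwuid((uid_t)strtoul(user, NULL, 10));
    if (!p) return -1;
    *pw = *p; *gid = p->pw_gid;                 /* default: login group */
    if (colon && colon[1]) {
        struct group *g = getgrnam(colon + 1);
        if (g) *gid = g->gr_gid;
        else if (spec_is_numeric(colon + 1)) *gid = (gid_t)strtoul(colon + 1, NULL, 10);
        else return -1;
    }
    return 0;
}

/* Drop from root to the parsed identity with the user's supplementary groups.
 * initgroups() gets pw->pw_name, never the raw spec, and runs before setuid(). */
int drop_privileges(const char *spec)
{
    struct passwd pw; gid_t gid;
    if (parse_user_group(spec, &pw, &gid) < 0) return -1;
    if (initgroups(pw.pw_name, gid) < 0) return -1;
    if (setgid(gid) < 0 || setuid(pw.pw_uid) < 0) return -1;
    return 0;
}
```

With this resolution step, `-c 1000:30` and `-c user:dip` produce the same supplementary group set in the child, which the page's `id` transcript shows is not the case for the dpkg build tested.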