Set supplementary groups for target user #60
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Introduce new parameter 'use_supplementary_groups'. When 'use_supplementary_groups' is true and either 'user' or 'uid' is set, supplementary groups would be set according to /etc/group. If 'gid' is also set, effective group id is set to 'gid', otherwise pw_gid from /etc/passwd is used.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Please test and accept my patch for setting supplementary groups.
I'm sorry for missing documentation (with my English it would be easier to write it from scratch) and I'm sorry for missing formal tests (I afraid tests would be much more complex than code, mock-ups for
getpwuid,getgrentwould be needed and code would look uglier if to wrap$)access to a hook method, which is to be overridden by the testsuite).I have tested it on my workstation (1. test without root permissions, 2. test with user with many groups, 3. test with user without supplementary groups) and on server as init.d script for real application.
I have also tested the case where 'uid' is specified without 'group' or 'gid' and there is no entry for such 'uid' in /etc/passwd. In this case 'gid' and supplementary groups remain intact. Probably it would be better to die in such case.