Skip to content

Fix missing setgroups() call.#9

Closed
ximon18 wants to merge 5 commits intomainfrom
fix-missing-setgroups2
Closed

Fix missing setgroups() call.#9
ximon18 wants to merge 5 commits intomainfrom
fix-missing-setgroups2

Conversation

@ximon18
Copy link
Member

@ximon18 ximon18 commented Aug 29, 2025

@ximon18 ximon18 requested a review from partim August 29, 2025 02:28
@partim
Copy link
Member

partim commented Aug 29, 2025
edited
Loading

I’m wondering if the correct behaviour is to call setgroups(&[]) (i.e., drop all supplementary groups) if either user or group are provided. The Linux manpage seems to suggest that this is for the supplementary groups only, i.e., you don’t need to include the effective group ID in the list.

Also, setgroups isn’t POSIX, the nix source suggest that it isn’t available e.g. on Apple targets, so this needs to be gated somehow.

@partim
Copy link
Member

partim commented Aug 29, 2025

Ah, great. On FreeBSD, the first item in the array is the effective group ID. So I guess your approach is correct after all. But then what do you do when we only set the user ID? Leave the list alone?

@ximon18
Copy link
Member Author

ximon18 commented Aug 29, 2025

I actually just did what is listed here in the example: https://docs.rs/nix/latest/nix/unistd/fn.setgroups.html#examples

@partim partim mentioned this pull request Aug 29, 2025
Merged
@ximon18
Copy link
Member Author

ximon18 commented Aug 29, 2025

Obsoleted by PR #11.

@ximon18 ximon18 closed this Aug 29, 2025
@ximon18 ximon18 deleted the fix-missing-setgroups2 branch August 29, 2025 15:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@partim partim Awaiting requested review from partim

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ximon18 @partim