author | Pádraig Brady <P@draigBrady.com> | 2014-05-16 09:50:24 +0100 |
---|---|---|
committer | Pádraig Brady <P@draigBrady.com> | 2014-05-21 11:18:26 +0100 |
commit | ce0c08b52d893f6cad7ae9b7b59968406c85eeb9 (patch) | |
tree | 379c01901adbe45d9cf5fbbb11887c357ad5abec /bootstrap | |
parent | 99960eeab9bf7fb479ab9f5342fc12a1fae629e6 (diff) | |
download | coreutils-ce0c08b52d893f6cad7ae9b7b59968406c85eeb9.tar.xz |
chroot: with --userspec clear root's supplemental groups

It's dangerous and confusing to leave root's supplemental
groups in place when specifying other users with --userspec.
In the edge case that that is desired one can explicitly
specify --groups.

Also we implicitly set the system defined supplemental groups
for a user. The existing mechanism where supplemental groups
needed to be explicitly specified is confusing and not general
when the lookup needs to be done within the chroot.

Also we extend the --groups syntax slightly to allow clearing
the set of supplementary groups using --groups=''.

* src/chroot.c (setgroups): On systems without supplemental groups,
clearing then is a noop and so should return success.
(main): Lookup the primary GID with getpwuid() when just a numeric
uid is specified, and also infer the USERNAME from this call,
needed when we're later looking up the supplemental groups for a user.
Support clearing supplemental groups, either implicitly for
unknown users, or explicitly when --groups='' is specified.
* tests/misc/chroot-credentials.sh: Various new test cases
* doc/coreutils.texi (chroot invocation): Adjust for the new behavior.
* NEWS: Mention the change in behavior.

Diffstat (limited to 'bootstrap')
0 files changed, 0 insertions, 0 deletions
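
The risk this commit message describes, as an added example that is not coreutils code: a privilege drop that replaces the supplemental group list before changing GID and UID, then checks that no inherited group remains. The function names `leftover_groups` and `drop_to`, the 256-entry buffer and the sample GIDs are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE          /* exposes setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Count entries of cur[] that are neither the primary GID nor listed in
   allowed[]. Nonzero after a drop means inherited groups leaked through. */
int leftover_groups(const gid_t *cur, int ncur, gid_t primary,
                    const gid_t *allowed, int nallowed)
{
    int leaked = 0;
    for (int i = 0; i < ncur; i++) {
        int ok = (cur[i] == primary);
        for (int j = 0; !ok && j < nallowed; j++)
            ok = (cur[i] == allowed[j]);
        leaked += !ok;
    }
    return leaked;
}

/* Drop to uid/gid with exactly groups[0..n) as supplemental groups; n == 0
   clears the list. setgroups() needs privilege, so it runs before setuid().
   Fails closed if the kernel still reports any other group afterwards. */
int drop_to(uid_t uid, gid_t gid, const gid_t *groups, size_t n)
{
    gid_t cur[256];              /* more than 256 groups: getgroups() fails */
    if (setgroups(n, groups) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    int ncur = getgroups(256, cur);
    if (ncur < 0 || leftover_groups(cur, ncur, gid, groups, (int)n) != 0)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample: the caller's groups 0,1,2 survive a drop to GID 1000
       that only called setgid()/setuid(). */
    gid_t inherited[] = {1000, 0, 1, 2};
    printf("leaked without setgroups(): %d\n",
           leftover_groups(inherited, 4, 1000, NULL, 0));
    gid_t cleared[] = {1000};
    printf("leaked after clearing:      %d\n",
           leftover_groups(cleared, 1, 1000, NULL, 0));
    return 0;
}
```

`drop_to` only succeeds when run with the privilege to call `setgroups()`; `leftover_groups` can be run over any captured group list to audit a process after the fact.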