Bruno Haible <br...@clisp.org> wrote:

> What is the use-case that you are considering? A setuid/setgid executable,
> or an executable run by root?

I was considering an executable run by root.

> And what task does it do, related to the user's data and devices?

Retaining supplementary groups is often necessary for the program to be able to access various files. I use this approach in Mailfromd (http://www.gnu.org.ua/software/mailfromd).

> > idpriv_drop_grp (size_t ngrp, gid_t *groups)
>
> Should that drop the specified supplementary groups (and keep the rest),
> or keep the specified supplementary groups?

It should keep only the specified supplementary groups and drop the rest. If ngrp==0 it should drop all supplementary groups.

Regards,
Sergey
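
The semantics described in the message above (a root-run program keeps only a listed set of supplementary groups, and an empty list drops them all), sketched as an added example; this is not code from the thread, from gnulib or from Mailfromd. The names `drop_keeping_groups` and `groups_within` are hypothetical, and a Linux/glibc system is assumed.

```c
#define _DEFAULT_SOURCE              /* assumption: glibc, exposes setgroups() */
#include <errno.h>
#include <grp.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Return 1 if every gid in have[] is listed in keep[] or equals egid
   (getgroups() may or may not report the effective gid), else 0. */
int groups_within(const gid_t *have, size_t nhave,
                  const gid_t *keep, size_t nkeep, gid_t egid)
{
    for (size_t i = 0; i < nhave; i++) {
        int ok = (have[i] == egid);
        for (size_t j = 0; !ok && j < nkeep; j++)
            ok = (have[i] == keep[j]);
        if (!ok)
            return 0;
    }
    return 1;
}

/* Hypothetical helper: called as root, switch to uid/gid and retain only
   keep[0..nkeep-1] as supplementary groups; nkeep == 0 drops them all.
   Returns 0 on success, -1 on failure (the caller should then exit). */
int drop_keeping_groups(uid_t uid, gid_t gid, const gid_t *keep, size_t nkeep)
{
    /* Order matters: setgroups() and setgid() need privilege, so both
       must happen before setuid() gives it up. */
    if (setgroups(nkeep, keep) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;

    /* Do not trust the return codes alone: read the resulting state back. */
    int n = getgroups(0, NULL);
    if (n < 0) return -1;
    gid_t *have = malloc((n > 0 ? (size_t)n : 1) * sizeof *have);
    if (have == NULL) return -1;
    n = getgroups(n, have);
    int ok = n >= 0
             && groups_within(have, (size_t)n, keep, nkeep, getegid())
             && getgid() == gid && getegid() == gid
             && getuid() == uid && geteuid() == uid;
    free(have);
    if (!ok) { errno = EPERM; return -1; }
    return 0;
}
```
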