Sergey Poznyakoff wrote:
> > What is the use-case that you are considering? A setuid/setgid executable,
> > or an executable run by root?
>
> I was considering an executable run by root.

Ah, I see. That requires a different API, one that takes the target uid and
gid (and supplementary groups) as arguments.

> > And what task does it do, related to the user's data and devices?
>
> Retaining supplementary is often necessary for the program to be
> able to access various files. I use this approach in Mailfromd

And it's necessary to relinquish those groups because on some systems,
'root' is a member of many groups - privileges that the program does not need.
For example, on MacOS X:

  $ grep root /etc/group
  wheel:*:0:root
  daemon:*:1:root
  kmem:*:2:root
  sys:*:3:root
  tty:*:4:root
  operator:*:5:root
  procview:*:8:root
  procmod:*:9:root
  staff:*:20:root
  certusers:*:29:root,_jabber,_postfix,_cyrus,_calendar
  admin:*:80:root

Shouldn't the program also call setgroups (possibly indirectly through
initgroups), in order to make sure that it can write any file that the user
can write to? For example, the user can write to a file that he does not own
but which is chgrp'ed to a group that is contained among his supplementary
groups. The program may need to write to such a file. If it has only the
user's uid and gid, it cannot do it. So it needs also to acquire all
supplementary groups of the user, right?

Bruno
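The two points made in this message, as an added C example that is not part of the original mail or of any code discussed in the thread: a root-run program replaces root's group list with the target user's before switching uid, and the file case described above shows why the supplementary groups matter. The names `may_write` and `drop_privileges` are hypothetical, and the ids 1000 and 2000 are constructed sample values.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE              /* exposes setgroups() on glibc */
#endif
#include <grp.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Classic Unix write check for a non-root uid (no ACLs): exactly one
 * class applies: owner, else group (primary or supplementary), else other. */
bool may_write(mode_t mode, uid_t f_uid, gid_t f_gid,
               uid_t uid, gid_t gid, const gid_t *groups, size_t ngroups)
{
    if (uid == f_uid)
        return (mode & S_IWUSR) != 0;
    bool in_group = (gid == f_gid);
    for (size_t i = 0; i < ngroups && !in_group; i++)
        in_group = (groups[i] == f_gid);
    return (mode & (in_group ? S_IWGRP : S_IWOTH)) != 0;
}

/* Hypothetical API: permanently switch a root process to uid/gid with
 * exactly the given supplementary groups. setgroups() and setgid() need
 * root, so setuid() goes last. Returns 0 on success, -1 on failure. */
int drop_privileges(uid_t uid, gid_t gid, const gid_t *groups, size_t ngroups)
{
    if (setgroups(ngroups, groups) != 0)   /* replaces root's own group list */
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    if (uid != 0 && setuid(0) == 0)        /* root must not be regainable */
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed case: file root:2000, mode 0664; target user 1000:1000. */
    gid_t supp[] = { 2000 };
    printf("uid+gid only: %d, with supplementary groups: %d\n",
           may_write(0664, 0, 2000, 1000, 1000, NULL, 0),
           may_write(0664, 0, 2000, 1000, 1000, supp, 1));
    return 0;
}
```

In a real program the target user's group list would come from `getgrouplist()`, or the `setgroups()` call would be replaced by `initgroups()` as the message suggests.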