Hi all,Patch in [1] restore supplementary groups when dropping privileges. It uses `initgroups` for that. However, when tar is run as a user, it cannot call `initgroups` (EPERM).
$ LANG=C tar xf remote-host:test.tar --rsh-command=/usr/bin/ssh
tar: initgroups: Operation not permitted
tar: Error is not recoverable: exiting now
tar: remote-host\:test.tar: Cannot open: Input/output error
tar: Error is not recoverable: exiting now
Note that there is no need of using `initgroups` in this situation as
user is not getting specific privileges.
[1] https://lists.gnu.org/archive/html/bug-tar/2021-02/msg00004.htmlSkipping the EPERM error (as for `getgid` and `getuid` below) fix the problem (the same command works as expected):
---
lib/rtapelib.c | 2 +-
paxlib/rtape.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/rtapelib.c b/lib/rtapelib.c
index d7b8b36..7de6317 100644
--- a/lib/rtapelib.c
+++ b/lib/rtapelib.c
@@ -365,7 +365,7 @@ sys_reset_uid_gid (void)
if (!pw)
return "getpwuid";
- if (initgroups (pw->pw_name, gid) != 0)
+ if (initgroups (pw->pw_name, gid) != 0 && errno != EPERM)
return "initgroups";
if (gid != getegid () && setgid (gid) != 0 && errno != EPERM)
return "setgid";
diff --git a/paxlib/rtape.c b/paxlib/rtape.c
index 1089d92..9565eda 100644
--- a/paxlib/rtape.c
+++ b/paxlib/rtape.c
@@ -370,7 +370,7 @@ sys_reset_uid_gid (void)
if (!pw)
return "getpwuid";
- if (initgroups (pw->pw_name, gid) != 0)
+ if (initgroups (pw->pw_name, gid) != 0 && errno != EPERM)
return "initgroups";
if (gid != getegid () && setgid (gid) != 0 && errno != EPERM)
return "setgid";
--
Henry-Joseph Audéoud
OpenPGP_signature
Description: OpenPGP digital signature
