On Mon, 2005-11-28 at 02:34 -0800, Jamie Zawinski wrote:
> > when I compile and run this, I get:
> > setgroups: Operation not permitted
>
> Note that xscreensaver (4.23) only calls setgroups if it needs to: if
> the group list already contains only the one group that is intended,
> it doesn't call it. So a setgroups failure really is a problem.

In any normal desktop setup, a user will belong to several groups. For instance, with gnome-volume-manager installed, users will also belong to the plugdev group. I cannot really understand why the setgroups fails if it is only restricting the list of groups; this should not require special privileges. This makes me think there is something wrong with my setup. But I cannot find any references on this behaviour on the net.

> Perhaps one has to call setgid before setgroups? If so, reversing
> the order of the calls around line 137 in setuid.c might fix it?
>
> > Ralf, can you verify that this program does work on your system, and
> > maybe direct me to the real problem?
>
> Also see the "test-uid.c" program in xscreensaver/driver/.

This is what the program gives for me:

$ ./test-uid bartvh/bartvh
real user/group: 1000/1000 (bartvh/bartvh)
eff. user/group: 1000/1000 (bartvh/bartvh)
eff. group list: [cdrom=24, audio=29, video=44, staff=50, plugdev=109, fuse=112, bartvh=1000]
setgroups(1, [1000]) "bartvh" failed: Operation not permitted
setgid(1000) "bartvh" succeeded.
setuid(1000) "bartvh" succeeded.
real user/group: 1000/1000 (bartvh/bartvh)
eff. user/group: 1000/1000 (bartvh/bartvh)
eff. group list: [cdrom=24, audio=29, video=44, staff=50, plugdev=109, fuse=112, bartvh=1000]
running "whoami" and "groups" in a sub-process reports:
bartvh / bartvh cdrom audio video staff plugdev fuse

exactly the same result... And when I reverse the order of setgid and setgroups (in that program), I still get 'Operation not permitted'.

Bart.
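
Added example, not part of the message above and not xscreensaver's setuid.c: a C privilege drop that follows the rule quoted from Jamie (call setgroups only when the supplementary list is not already the single intended group) and treats any failed step as fatal. The function names needs_setgroups and drop_privileges are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 unless the supplementary list is already exactly {target}. */
int needs_setgroups(const gid_t *list, int n, gid_t target)
{
    return !(n == 1 && list[0] == target);
}

/* Drop to uid/gid: groups first, then gid, then uid; verify the result.
 * Returns 0 on success, -1 (errno set) on the first failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    int n = getgroups(0, NULL);
    if (n < 0) return -1;
    gid_t *list = calloc(n > 0 ? (size_t)n : 1, sizeof *list);
    if (!list) return -1;
    n = getgroups(n, list);
    int need = (n < 0) ? 1 : needs_setgroups(list, n, gid);
    free(list);
    /* On Linux setgroups(2) needs CAP_SETGID even when it only shrinks
     * the list, so an unprivileged caller gets EPERM here. */
    if (need && setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    /* Confirm the drop really took effect before continuing. */
    if (getgid() != gid || getegid() != gid ||
        getuid() != uid || geteuid() != uid) { errno = EPERM; return -1; }
    return 0;
}

int main(void)
{
    if (drop_privileges(getuid(), getgid()) != 0) {
        fprintf(stderr, "privilege drop failed: %s\n", strerror(errno));
        return 1;
    }
    puts("privileges dropped");
    return 0;
}
```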