Bug#50441: xinetd doesn't set supplementary groups
On Sat, Dec 11, 1999 at 10:51:30PM -0700, Rob Braun wrote:
> Hi, I havn't taken a look at the debian bug log yet, however,
> under linux, the 'groups' attribute for a service takes YES or
> NO, depending on if you want the service to have access to the
> groups the 'user' attribute has access to.
> When xinetd was originally written, supplementary groups did not
> exist, so the 'group' attribute (different from 'groups') only
> sets the primary group of 'user'. Changing this behavior seems
> dangerous. It is also somewhat useful, so you can control
> the group access permissions.
>
> So, I believe that setting the 'groups' attribute (documented in
> the xinetd.conf man page) to 'yes' will solve your supplementary
> groups problem. If this doesn't fix the problem, I'd like to know.
Ah, yes. I have read the manual page again, and I see that option
should work, and it really does. telnetd can access utmp now.
Can you explain why would changing the behaviour to support supp.
groups be dangerous (when inetd does it off hand)? Or, can we set
up itox/xconv.pl to use it by default, because some of our daemons
need the supplementary utmp group (for the same reason as telnetd)?
> I've just checked this, and specifying 'groups = yes' does set
> the supplementary groups. The xinetd.conf man page is incorrect,
> however, as it says to have 'groups = YES', which does not work.
> This seems like a bug in both the parsing of the config file and
> in the man page. In the next beta release, I'll make 'groups = YES'
> work as well as 'groups = yes'.
Fine with me. :)
--
enJoy -*/\*- don't even try to pronounce my first name
Reply to: