
Re: [Nbd] [RFC PATCH] nbd-server: set supplementary groups by default when changing UID/GID

On Thu, Jun 28, 2012 at 01:15:52AM +0200, Wouter Verhelst wrote:
> On Mon, Jun 25, 2012 at 03:32:55AM +0400, Dmitry V. Levin wrote:
> > Before this change, there was no way to clear or change supplementary
> > groups at all, which is usually required to be done along with changing
> > UID and GID.  This change introduces a new global config boolean option
> > "setgroups" and enables it by default.  When this option is set to true,
> > - "group" option will additionally clear the list of supplementary groups;
> This is sensible, I suppose.
> > - unless "group" option is specified, "user" option will additionally
> >   change both GID and the list of supplementary groups to those defined
> >   by the given user name.
> I'm not sure about that one; I think setting a group based on an option
> called "user" -- if there is no option "group" specified -- is going to
> be counterintuitive.

From my PoV, switching UID without switching GID and supplementary groups
hardly makes practical sense, so it is most likely a configuration error
rather than a conscious decision.

> Instead, it might be better to redefine the "group" option as a
> comma-separated list, so that multiple groups can be set in the
> configuration file, if needs be.

Since each user name defines not only UID but also GID and supplementary
groups, such a change would encourage users to duplicate configuration
already defined in the system.  It's a pity that "group" option exists at
all, "user" option would be enough.


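Added example, not part of the original message and not nbd-server code: a C sketch of the behaviour argued for above, where the user name alone yields the UID, the primary GID and the supplementary groups, and the switch happens in the order groups, GID, UID. The names `resolve_target`, `drop_privileges` and `MAX_GROUPS` are hypothetical, and Linux with glibc is assumed.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes getgrouplist() and setgroups() in glibc */
#endif
#include <grp.h>
#include <pwd.h>
#include <sys/types.h>
#include <unistd.h>

#define MAX_GROUPS 64       /* illustrative fixed bound, an assumption */

struct target { uid_t uid; gid_t gid; gid_t groups[MAX_GROUPS]; int ngroups; };

/* Derive UID, primary GID and supplementary groups from the user name alone. */
int resolve_target(const char *user, struct target *t)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return -1;
    t->uid = pw->pw_uid;
    t->gid = pw->pw_gid;
    t->ngroups = MAX_GROUPS;
    /* getgrouplist() returns -1 when the user is in more groups than fit. */
    if (getgrouplist(user, pw->pw_gid, t->groups, &t->ngroups) == -1)
        return -1;
    return 0;
}

/* Order matters: groups, then GID, then UID. After setuid() the process
 * no longer has the privilege needed to change its groups. */
int drop_privileges(const struct target *t)
{
    if (setgroups((size_t)t->ngroups, t->groups) != 0)
        return -1;
    if (setgid(t->gid) != 0)
        return -1;
    if (setuid(t->uid) != 0)
        return -1;
    /* Verify: a non-root target must not be able to get root back. */
    if (t->uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    struct target t;
    if (argc != 2 || resolve_target(argv[1], &t) != 0 || drop_privileges(&t) != 0)
        return 1;   /* refuse to continue with partially dropped privileges */
    return 0;
}
```

Skipping the `setgroups()` step leaves the process with the supplementary groups it was started with, typically root's, even after the UID and GID have changed.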