On Tue, Jul 03, 2012 at 02:51:38PM -0600, Wouter Verhelst wrote:
> On Thu, Jun 28, 2012 at 04:19:17AM +0400, Dmitry V. Levin wrote:
> > On Thu, Jun 28, 2012 at 01:15:52AM +0200, Wouter Verhelst wrote:
> > > On Mon, Jun 25, 2012 at 03:32:55AM +0400, Dmitry V. Levin wrote:
> > > > Before this change, there was no way to clear or change supplementary
> > > > groups at all, which is usually required to be done along with changing
> > > > UID and GID. This change introduces a new global config boolean option
> > > > "setgroups" and enables it by default. When this option is set to true,
> > > > - "group" option will additionally clear the list of supplementary groups;
> > >
> > > This is sensible, I suppose.
> > >
> > > > - unless "group" option is specified, "user" option will additionally
> > > >   change both GID and the list of supplementary groups to those defined
> > > >   by the given user name.
> > >
> > > I'm not sure about that one; I think setting a group based on an option
> > > called "user" -- if there is no option "group" specified -- is going to
> > > be counterintuitive.
> >
> > From my PoV, switching UID without switching GID and supplementary groups
> > hardly has a practical sense, so it is most likely a configuration error
> > rather than a conscious decision.
>
> That's not the experience I've had with most daemons. I also disagree
> that this is useless; I've had situations where not switching the group
> made some sense.

Unfortunately, in situations where nbd-server processes are running with
a privileged group id and a full set of supplementary groups, these
processes usually would have write access to many more files than one
would like to allow them.

> Additionally, this changes current behaviour, which I think is even
> worse than bad defaults.
>
> So I'm going to NAK this, I'm afraid.

Would it be acceptable to introduce the same "setgroups" option with
the same semantics but not enabled by default?

-- 
ldv