![](https://seccdn.libravatar.org/avatar/aea1d8248292e6482742234c5cb514de.jpg?s=120&d=mm&r=g)
Mark Hounschell wrote:
On 06/04/2018 09:27 AM, L A Walsh wrote:
To be clear, and I have tested this, I am not loosing my group memberships when I start the suid pgm or during its execution. They are simply not being passed to an exec'd external entity.
That's not exactly clear to me. FWIW, I get annoyed at programs that mess with GID-based access. Groups are perfect for giving access to multiple accounts owned by the same person, among other things... 1) Let me repeat that back -- a program running as root (the suid pgm), execs another program and the groups disappear? OR) do you mean only execution of bash scripts? 2) You say you used to do the exact same thing under 13.2? Using bash-4.2 and it worked?, but now under Leap-15 and bash-4.??? it doesn't work? 3) at what point in executing 'pgm+<whatever>', does the 'job' stop being 'root' -- or is it your belief that it stays root throughout execution until pgm terminates?
In the main program, not the example I provided, I fork/exec/wait. The main process still has my group memberships after that. They just don't make it into the exec'd pgm/script.
What is 'pgm'? Is it a binary or some sort of script? How is the main-process run? Is it setuid, or do you use a program like 'sudo', 'su', or 'runas' or ??? How about the main process? What type of program is it? In the code I quoted, it looked like it was when resetting groups before it dropped root -- that's why I'm asking if it keeps root while executing everything, or if it drops it at some point, or what, since it sounded like you were saying the groups were dropped when you became root -- but with *this* note, it sounds like that's not the case either, but more in line with a fork or exec? I had some other Q's, but had a phone call come in that caused a stack overflow in my brain....oh well. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org