OpenWrt/LEDE Project

  • Status Assigned   Reopened
  • Percent Complete
  • Task Type Feature Request
  • Category Base system
  • Assigned To
    Yousong Zhou
  • Operating System All
  • Severity High
  • Priority Very Low
  • Reported Version Trunk
  • Due in Version Undecided
  • Due Date Undecided
  • Votes 1
  • Private
Attached to Project: OpenWrt/LEDE Project
Opened by Alexander Lochmann - 28.08.2017
Last edited by Yousong Zhou - 11.02.2018

FS#988 - Procd does not respect a user's groups when using parameter user

Hi folks!

I’m referring to git revision 4b3ffecf2b.
Using this, procd does *not* respect a user’s groups (/etc/group) when starting a service.
In my case, I want a particular service running as a particular user (procd_set_param user foo). The user is a member of several groups, and they are needed when running that service.
However, the service runs as user foo, but he is not a member of the other groups as described in /etc/group. I verified it by using a wrapper script which wrote the output of ‘id’ to a file.

Steps to reproduce:
1. Create a user foo having primary group foo and is a member of group bar.
2. Write a short bash script which write the output of ‘id’ to a file.
3. Create a service that starts the aforementioned script.
4. Have a look at the output. It should say something like this: uid=XXX(foo) gid=xxx(foo).

I expect it to be: uid=XXX(foo) gid=XXX(foo) groups=XXX(bar).


Project Manager
Yousong Zhou commented on 09.11.2017 09:59

Hi, please check relevant entries in /etc/passwd and /etc/group to see if user "foo" has the right primary group id set there. If you are using /lib/ to add group and users, it's very likely that it generated wrong id in the user/group database.

The following snippet should confirm that.

. /lib/
# old, buggy way
# group_add_next bar; gid=$?
gid=$(group_add_next bar)
user_add foo "" "$gid"

. /lib/functions/
service_triggers() { true; }
procd_open_service foo foo
procd_open_instance bz
procd_set_param user foo
procd_set_param command '/bin/sh' '-c' 'logger $(id)'
Alexander Lochmann commented on 09.02.2018 13:03

Pls excuse my later response. I didn't get any notification about your answer.
Procd works perfectly with respect to a user's primary group. However, a user might be in more than just his or her primary group.
In my case, the user's foo primary group is staff, and he is also member of the group bar.
However, the procd scripts do not respect those groups....

Paul Oranje commented on 11.02.2018 10:34

Just to understand the issue, what has this to do with procd ?

The user and group information, in case of OpenWrt implemented in passwd/groups, and retrievable with f.i. getent() and id, seems completely unrelated. Or is that data not available in the procd its jail ?

Project Manager
Yousong Zhou commented on 11.02.2018 10:52

The issue should be that procd only sets effective group id to user's primary group id while Alexander the reporter expects it also sets supplementary group ids for instance processes ;) I think this is a valid feature request, better than adding another "group" option.

Project Manager
Yousong Zhou commented on 11.02.2018 12:13

Hi, Alexander, I just posted 2 patches [1] to the mailing list that should address the issue for you. Please have it a try and see if it works for you. Thank you.


Alexander Lochmann commented on 11.02.2018 14:21

Yeah, sure! I'll try them.
Unfortunately, I do not see any patches. Do I have to login to see them?

*EDIT*: Found them:

Alexander Lochmann commented on 11.02.2018 14:46

Where do I find that file instance.c?
I do not have such file in my checkout (

Alexander Lochmann commented on 11.02.2018 18:02

Got it. :) It took me a while to notice that the procd sources are downloaded as a tarball.
I then successfully patched the sources, and it works.



Available keyboard shortcuts


Task Details

Task Editing