FS#988 - Procd does not respect a user's groups when using parameter user #6423
Comments
yousong: Hi, please check relevant entries in /etc/passwd and /etc/group to see if user "foo" has the right primary group id set there. If you are using /lib/functions.sh to add group and users, it's very likely that it generated wrong id in the user/group database. The following snippet should confirm that.
. /lib/functions.sh
# old, buggy way
# group_add_next bar; gid=$?
gid=$(group_add_next bar)
user_add foo "" "$gid"
flipreverse: Please excuse my late response. I didn't get any notification about your answer.
por: Just to understand the issue, what has this to do with procd? The user and group information, in case of OpenWrt implemented in passwd/groups, and retrievable with f.i. getent() and id, seems completely unrelated. Or is that data not available in procd's jail?
yousong: The issue should be that procd only sets the effective group id to the user's primary group id, while Alexander, the reporter, expects it to also set supplementary group ids for instance processes ;) I think this is a valid feature request, better than adding another "group" option.
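The gap yousong describes, as an added example that is not part of the thread and not procd's source: `supplementary_gids` derives the groups a user belongs to from `/etc/group`-format data, and `drop_to_user` shows a privilege drop that loads them with `initgroups()` before `setgid()`/`setuid()`. The function names, the sample group data and its gids are constructed for illustration.

```c
#define _DEFAULT_SOURCE /* exposes initgroups() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Constructed sample in /etc/group format: name:passwd:gid:member,member */
static const char SAMPLE_GROUP[] =
    "foo:x:1000:\n"
    "bar:x:1001:baz,foo\n"
    "net:x:1002:foobar\n";

/* Gids of groups listing `user` as a member (the supplementary set). */
int supplementary_gids(const char *db, const char *user, gid_t *out, int max) {
    size_t ulen = strlen(user);
    int n = 0;
    while (*db) {
        const char *eol = strchr(db, '\n'), *p = db, *gidp = NULL;
        int colons = 0;
        if (!eol) eol = db + strlen(db);
        for (; p < eol && colons < 3; p++) /* skip name, passwd, gid */
            if (*p == ':' && ++colons == 2) gidp = p + 1;
        while (colons == 3 && p < eol && n < max) { /* walk member list */
            const char *comma = memchr(p, ',', (size_t)(eol - p));
            /* exact-length compare, so "foobar" does not match "foo" */
            if ((size_t)((comma ? comma : eol) - p) == ulen && !memcmp(p, user, ulen)) {
                out[n++] = (gid_t)strtoul(gidp, NULL, 10);
                break;
            }
            p = comma ? comma + 1 : eol;
        }
        db = *eol ? eol + 1 : eol;
    }
    return n;
}

/* Root-only drop that keeps supplementary groups. Group calls come first:
 * after setuid() the process may no longer change its groups. */
int drop_to_user(const char *user) {
    struct passwd *pw = getpwnam(user);
    if (!pw || initgroups(pw->pw_name, pw->pw_gid) || setgid(pw->pw_gid))
        return -1; /* a setgid()-only drop skips initgroups() */
    return setuid(pw->pw_uid) ? -1 : 0;
}

int main(void) {
    gid_t g[8]; /* exit status 0 when foo's only supplementary group is bar */
    return supplementary_gids(SAMPLE_GROUP, "foo", g, 8) == 1 && g[0] == 1001 ? 0 : 1;
}
```

With the sample data, a drop that only calls `setgid()` leaves `foo` with gid 1000 and no membership in `bar`, which is the `id` output the reporter observed.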
yousong: Hi, Alexander, I just posted 2 patches [1] to the mailing list that should address the issue for you. Please give it a try and see if it works for you. Thank you. [1] http://patchwork.ozlabs.org/project/lede/list/?series=27951
flipreverse: Yeah, sure! I'll try them. EDIT: Found them: http://patchwork.ozlabs.org/patch/871761/
flipreverse: Where do I find that file instance.c?
flipreverse: Got it. :) It took me a while to notice that the procd sources are downloaded as a tarball. Thanks!
flipreverse:
Hi folks!
I'm referring to git revision 4b3ffec.
Using this, procd does not respect a user's groups (/etc/group) when starting a service.
In my case, I want a particular service running as a particular user (procd_set_param user foo). The user is a member of several groups, and they are needed when running that service.
However, the service runs as user foo, but he is not a member of the other groups as described in /etc/group. I verified it by using a wrapper script which wrote the output of 'id' to a file.
Steps to reproduce:
I expect it to be: uid=XXX(foo) gid=XXX(foo) groups=XXX(bar).
Cheers,
Alex