>Yes. Apparently everyone re-implementing daemontools does something like
>this. So that brings me back to my original question: is there consensus
>that the historical behaviour is a bug? Or are there valid use casesĀ¹?
I don't think the historical behaviour is a *bug*, because the
historical behaviour is documented and conforms to its documentation.
It also comes from a time when supplementary groups weren't used as
much as they are today.
It's just that not having supplementary groups can defeat intuitive
expectations when performing a group permissions check. That does not
happen every day, but it does happen sometimes. s6-setuidgid had the
same behaviour as setuidgid until I got bitten by that very problem,
at which point I realized that "user identity" is not only uid and gid
as it is for files, but also supplementary groups, and so I added
supplementary groups support to s6-*uidgid. But it had been years
until I found it necessary.
So, YMMV. I'd say supplementary groups support is useful and allows
the tool to better match user intuition, so it has value. But is it
*mandatory* for correctness? You decide.
--
Laurent
Received on Tue Aug 20 2019 - 18:21:09 UTC