The Linux 'id' command reports the groups= that a process belongs to. When and how does this get filled in?

I'm writing an suid/sgid program and it seems that the groups never get filled in for my process, and perhaps just coincidentally, but the permissions with regard to an NFS-mounted file system don't work correctly for it either (by the way, I've played with no_root_squash and that didn't help).

+2  A: 

In most cases, the supplementary groups are set by login.

If you want to set them yourself, you'll need the functions getgrouplist() and setgroups() from <grp.h> - note that you'll need to be root to call setgroups() successfully.

caf
Note that these functions - and initgroups() - are all outside the scope of the POSIX standard. They are not all universally available on all Unix-like platforms; specifically, the `getgrouplist()` function is not available on Solaris, for instance. Also, hacking your own 'getgrouplist()' is expensive; you have to read the entire group 'file' (database) because the raw /etc/group file does not provide the 'inverted index' structure needed to answer the question 'which groups does user X belong to' more efficiently.
Jonathan Leffler
A: 
  • Multiple group membership is normally set at login but not used much. SOP often is to give each user their own group.

  • Network file systems typically don't respect local client root privs.

DigitalRoss
+1  A: 

Thanks, the setgroups() was pretty much the answer. However, I ended up using initgroups() which worked really well. The call was made before I did the setuid away from root.

Found this in the man pages:

    NAME
        initgroups - initialize the supplementary group access list

    SYNOPSIS
        #include <sys/types.h>
        #include <grp.h>

        int initgroups(const char *user, gid_t group);

Apparently if the groups come from LDAP, you NEED to do this in order to get them filled in properly.

Langley
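An added example (not code from the thread) of the order Langley describes: initgroups() while still root, then setgid(), then setuid() out of root, followed by the check the question was really asking for, comparing the process's supplementary list with what getgrouplist() says the user should have. It assumes glibc on Linux; "nobody" is only a placeholder target user.

```c
#define _GNU_SOURCE   /* exposes initgroups(3)/getgrouplist(3) in glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Drop from root to `user`: 0 = ok, -1 unknown user, -2 initgroups() failed
 * (needs root/CAP_SETGID), -3 setgid() failed, -4 setuid() failed.
 * Order matters: once setuid() has left root, setgroups() is refused. */
int drop_privileges(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL) return -1;
    if (initgroups(user, pw->pw_gid) != 0) return -2; /* supplementary list first */
    if (setgid(pw->pw_gid) != 0) return -3;           /* then the primary group */
    if (setuid(pw->pw_uid) != 0) return -4;           /* uid last: irreversible */
    return 0;
}

static int cmp_gid(const void *a, const void *b)
{
    gid_t x = *(const gid_t *)a, y = *(const gid_t *)b;
    return (x > y) - (x < y);
}

/* The check the asker wanted: does this process's supplementary list equal
 * what the group database says `user` should have? 1 yes, 0 no, -1 error. */
int supplementary_groups_match(const char *user, gid_t primary)
{
    gid_t want[256], have[256];
    int nwant = 256, nhave;
    if (getgrouplist(user, primary, want, &nwant) < 0) return -1;
    nhave = getgroups(256, have);
    if (nhave < 0) return -1;
    if (nhave != nwant) return 0;          /* different count: something was not set */
    qsort(want, nwant, sizeof(gid_t), cmp_gid);
    qsort(have, nhave, sizeof(gid_t), cmp_gid);
    for (int i = 0; i < nwant; i++)
        if (want[i] != have[i]) return 0;
    return 1;
}
int main(int argc, char **argv)
{
    const char *user = argc > 1 ? argv[1] : "nobody"; /* placeholder target user */
    int rc = drop_privileges(user);
    if (rc != 0) { fprintf(stderr, "drop_privileges(%s) failed: %d\n", user, rc); return 1; }
    printf("supplementary groups match database: %d\n", supplementary_groups_match(user, getgid()));
    return 0;
}
```

Run it as an suid-root binary (or via sudo) and compare its output with `id`; run as an ordinary user it fails at step -2, which is exactly the symptom of calling initgroups() too late.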