From owner-freebsd-hackers@FreeBSD.ORG Wed Jan 7 09:52:55 2004 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2D93816A4CE for ; Wed, 7 Jan 2004 09:52:55 -0800 (PST) Received: from mail.sandvine.com (sandvine.com [199.243.201.138]) by mx1.FreeBSD.org (Postfix) with ESMTP id CBAC443D1F for ; Wed, 7 Jan 2004 09:52:53 -0800 (PST) (envelope-from AdilK@sandvine.com) Received: by mail.sandvine.com with Internet Mail Service (5.5.2657.72) id ; Wed, 7 Jan 2004 12:52:51 -0500 Message-ID: From: Adil Katchi To: 'Bruce M Simpson' Date: Wed, 7 Jan 2004 12:52:50 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) Content-Type: text/plain; charset="iso-8859-1" cc: "'freebsd-hackers@freebsd.org'" Subject: RE: switching between groups X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Jan 2004 17:52:55 -0000 Unfortunately, newgrp(1) would not work, because it calls setgroups, which for some weird reason, needs the caller to be a superuser. Isn't there a function that sets the groups (like setgroups) of the current process where you don't have to be a superuser? To maintain security, that function could just check that the groups being set by setgroups are a subset of the caller's set. Does a function like that already exist? If not, how come? Thanks, Adil -----Original Message----- From: Bruce M Simpson [mailto:bms@spc.org] Sent: Tuesday, January 06, 2004 1:12 PM To: Adil Katchi Cc: 'freebsd-hackers@freebsd.org' Subject: Re: switching between groups On Tue, Jan 06, 2004 at 11:14:06AM -0500, Adil Katchi wrote: > I was just wondering if anyone has any ideas how it's possible for a user > that belongs to multiple groups to somehow limit his or her own capabilities > by using only one of the n groups that they belong to and be able to switch > between these groups? For example, if userA belongs to groupA, groupB and > groupC, can userA enter a mode that would force it to only belong to groupA > (or groupB, or groupC)? UserA whould be able to switch between these groups > and back to normal (ie. belong to all groups). newgrp(1) could be hacked to do this fairly easily. Currently it preserves supplemental group memberships. An option to discard supplementals could be added. Or just call setgroups() with a no-op group-list vector and then setgid()/ setegid() from within your application. BMS