Fri Sep 28 08:41:20 EDT 2012
270) Initialize group vector if we are becoming a user other than root.
For root, it is often more useful to hang on to our existing group
Why is this, exactly? I tried perusing the mailing list archives for a
discussion of this topic, but didn't find anything.
I would assume that sudo would always set the credentials of the process
to the user's UID and primary and supplemental GIDs, no matter which user.
That user root is handled as an exception, differently than other users,
is a little obscure and potentially confusing.
An alternative approach might be to use a command line option,
-P/--preserve-group-vector, to be used when the existing user's
supplemental group membership vector is to be preserved, with sudo
defaulting to always using initgroup(3) (if present) to set the group
Nothing ever becomes real till it is experienced -- even a proverb
is no proverb to you till your life has illustrated it.
More information about the sudo-workers