No subject


Fri Sep 28 08:41:20 EDT 2012


  270) Initialize group vector if we are becoming a user other than root.
       For root, it is often more useful to hang on to our existing group
       vector.

Why is this, exactly?  I tried perusing the mailing list archives for a
discussion of this topic, but didn't find anything.

I would assume that sudo would always set the credentials of the process
to the user's UID and primary and supplemental GIDs, no matter which user.
That user root is handled as an exception, differently than other users,
is a little obscure and potentially confusing.

An alternative approach might be to use a command line option,
-P/--preserve-group-vector, to be used when the existing user's
supplemental group membership vector is to be preserved, with sudo
defaulting to always using initgroups(3) (if present) to set the group
vector.

TJ

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Nothing ever becomes real till it is experienced -- even a proverb
   is no proverb to you till your life has illustrated it.

   	-John Keats

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
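
The two behaviours contrasted in the message above, as an added example (not code from the message or from sudo): it computes, without applying, the group vector a command would get under changelog item 270 and under an always-initgroups default. The names `planned_group_vector`, `GV_CHANGELOG` and `GV_ALWAYS_INIT` are hypothetical, and the lookup uses getgrouplist(3), which returns the same set initgroups(3) would install.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>
#define MAX_GROUPS 256

enum gv_policy {
    GV_CHANGELOG,   /* item 270: keep the caller's vector when the target is root */
    GV_ALWAYS_INIT  /* always use the target user's own groups */
};

/* Compute the supplementary group vector the command would run with.
 * Returns the number of gids written to out, or -1 on error. Nothing is
 * applied; a real program would hand the result to setgroups(2). */
int planned_group_vector(const char *target, enum gv_policy policy,
                         gid_t *out, int max)
{
    struct passwd *pw = getpwnam(target);
    if (pw == NULL)
        return -1;

    /* Root as the exception: preserve the invoking process's groups. */
    if (policy == GV_CHANGELOG && pw->pw_uid == 0)
        return getgroups(max, out);

    /* Primary gid plus every group that lists the target user. */
    int n = max;
    if (getgrouplist(pw->pw_name, pw->pw_gid, out, &n) == -1)
        return -1;
    return n;
}

int main(void)
{
    gid_t g[MAX_GROUPS];
    for (int p = GV_CHANGELOG; p <= GV_ALWAYS_INIT; p++) {
        int n = planned_group_vector("root", (enum gv_policy)p, g, MAX_GROUPS);
        printf("policy %d:", p);
        for (int i = 0; i < n; i++)
            printf(" %ld", (long)g[i]);
        printf("\n");
    }
    return 0;
}
```

Run from an account that belongs to extra groups, the two output lines differ: the first lists the invoking user's groups, the second only those recorded for root in the group database.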



