... i.e., don't use the getpw* functions.
Before this change, running groups or id with no user name argument
would include a group name or ID from /etc/passwd. Thus, under unusual
circumstances (default group is changed, but has not taken effect for a
given session), those programs could print a name or ID that is neither
real nor effective.
To demonstrate, run this:
echo 'for i in 1 2; do id -G; sleep 1.5; done' \
|su -s /bin/sh ftp - &
sleep 1; perl -pi -e 's/^(ftp:x:\d+):(\d+)/$1:9876/' /etc/passwd
Those id -G commands printed the following:
50
50 9876
With this change, they print this:
50
50
Similarly, running those programs set-GID could make them
print one ID too many.
* src/group-list.c (print_group_list): When username is NULL, pass
egid, not getpwuid(ruid)->pw_gid), to xgetgroups, per the API
requirements of xgetgroups callee, mgetgroups.
When not using the password database, don't call getpwuid.
* NEWS (Bug fixes): Mention it.
* tests/misc/id-setgid: New file.
* tests/Makefile.am (TESTS): Add it.
(root_tests): It's a root-only test, so add it here, too.
Originally reported by Brynnen Owen as http://bugs.gnu.org/7320.
Raised again by Marc Mengel in http://bugzilla.redhat.com/816708.
* Noteworthy changes in release ?.? (????-??-??) [?]
+** Bug fixes
+
+ id and groups, when invoked with no user name argument, would print
+ the default group ID listed in the password database, and sometimes
+ that ID would be neither real nor effective. For example, when run
+ set-GID, or in a session for which the default group has just been
+ changed, the new group ID would be listed, even though it is not
+ yet effective.
+
** New features
fmt now accepts the --goal=WIDTH (-g) option.
Brian Youmans 3diff@gnu.org
Britton Leo Kerin fsblk@aurora.uaf.edu
Bruce Robertson brucer@theodolite.dyndns.org
+Brynnen Owen owen@illinois.edu
Carl Johnson carlj@cjlinux.home.org
Carl Lowenstein cdl@mpl.UCSD.EDU
Carl Roth roth@urs.us
Марк Коренберг socketpair@gmail.com
Marc Boucher marc@mbsi.ca
Marc Haber mh+debian-bugs@zugschlus.de
+Marc Mengel mengel@fnal.gov
Marc Lehman schmorp@schmorp.de
Marc Olzheim marcolz@stack.nl
Marco Franzen Marco.Franzen@Thyron.com
bool use_names)
{
bool ok = true;
- struct passwd *pwd;
+ struct passwd *pwd = NULL;
- pwd = getpwuid (ruid);
- if (pwd == NULL)
- ok = false;
+ if (username)
+ {
+ pwd = getpwuid (ruid);
+ if (pwd == NULL)
+ ok = false;
+ }
if (!print_group (rgid, use_names))
ok = false;
gid_t *groups;
int i;
- int n_groups = xgetgroups (username, (pwd ? pwd->pw_gid : (gid_t) -1),
- &groups);
+ int n_groups = xgetgroups (username, (pwd ? pwd->pw_gid : egid), &groups);
if (n_groups < 0)
{
if (username)
ls/nameless-uid \
misc/chcon \
misc/chroot-credentials \
+ misc/id-setgid \
misc/selinux \
misc/truncate-owned-by-other \
mkdir/writable-under-readonly \
misc/head-pos \
misc/id-context \
misc/id-groups \
+ misc/id-setgid \
misc/md5sum \
misc/md5sum-bsd \
misc/md5sum-newline \
--- /dev/null
+#!/bin/sh
+# Verify that id -G prints the right group when run set-GID.
+
+# Copyright (C) 2012 Free Software Foundation, Inc.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+. "${srcdir=.}/init.sh"; path_prepend_ ../src
+print_ver_ id
+require_root_
+
+g=$(id -u $NON_ROOT_USERNAME) || framework_failure_
+
+# Construct a different group number.
+gp1=$(expr $g + 1)
+
+echo $gp1 > exp || framework_failure_
+
+setuidgid -g $gp1 $NON_ROOT_USERNAME env PATH="$PATH" id -G > out || fail=1
+compare exp out || fail=1
+# With coreutils-8.16 and earlier, id -G would print both: $gp1 $g
+
+Exit $fail