[RndTbl] "washing" a fork/exec to force all groups
Trevor Cordes
trevor at tecnopolis.ca
Wed Apr 19 20:25:23 CDT 2023
On 2023-04-19 Gilbert Detillieux wrote:
>
> They may have had users like me in mind, who (over time) need to be
> added to over 16 separate secondary groups (yeah, I was running into
> that RPC AUTH_SYS 16-group limit in NFS, long before there was a
> simple fix).
Which makes me wonder... is there any command line program (or shell
option) that lets a normal user *drop* their supplemental groups? I
don't see one. You can change your primary group with newgrp/sg, but
the tools don't seem to let you manipulate supplemental groups. Which
further leads me to believe that no one in the *NIX world thinks
dropping groups is a worthwhile, good or needed idea.
Furhter, perl doesn't seem to give you anything to manipulate this in
core either, which I find really strange. perl usually lets you do
*all* of this user/group system stuff, even if only through vaguely
named special vars: $) anyone? (Ok, ya they now have pretty names too.
But if modern much-vaunted jquery can do $() then I can have my $)
thank you very much. <smirk>) So that leads me to believe perl-people
think the idea is useless.
I was going to say postfix could let the user decide by running /bin/dg
(which I'm coining just now, drop-groups) before their desired command.
That would be more unix-y by letting the user decide and chain commands
as they see fit.
Oh ya, I realized ACLs could probably also solve my root problem. But
I don't think I'll ever stoop to using ACLs on Linux. I eradicate them
everywhere I see them. Evil!
More information about the Roundtable
mailing list