hi systemd'ers,

I'm sure this is known, but for the life of me I can't seem to figure out why. TL;DR: apparently I lose all auxiliary groups of root when I execute a unit. I'll explain (I tried this on v238).

When I'm logged in as root and I execute `id`, I get all the groups that root belongs to. But when I do the same in a systemd unit (e.g. under a transient unit, a la systemd-run), I lose all groups. I suspect that this is because the getgroups system call returns a different value, but for the life of me, I don't know why or how.

I'll show on my normal bash:

```
[homex ~]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),19(log)
```

I get all the groups, but if I run it with systemd-run:

```
[homex ~]# systemd-run --pty id
Running as unit: run-u207.service
Press ^] three times within 1s to disconnect TTY.
uid=0(root) gid=0(root) groups=0(root)
```

the only group I see is root. Now for the semi-weird part: if I execute `id root`, I do get all the groups:

```
[homex ~]# systemd-run --pty id root
Running as unit: run-u220.service
Press ^] three times within 1s to disconnect TTY.
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),19(log)
```

This is because getgroups returns a different value if I'm in the unit or logged in:

```
[homex ~]# strace id 2>&1 | grep getgroups
getgroups(0, NULL)                      = 8
getgroups(8, [0, 1, 2, 3, 4, 6, 10, 19]) = 8
[homex ~]# systemd-run --pty strace id 2>&1 | grep getgroups
getgroups(0, NULL)                      = 0
getgroups(0, [])                        = 0
```

And the reason why I get all the groups when I execute `id root` is because that does not ask for groups, but calls libnss instead:

```
[homex ~]# systemd-run --pty strace id root 2>&1 | grep getgroups
[homex ~]# systemd-run --pty strace id root 2>&1 | grep libnss
openat(AT_FDCWD, "/usr/lib/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/lib/libnss_mymachines.so.2", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/lib/libnss_systemd.so.2", O_RDONLY|O_CLOEXEC) = 3
```

I guess I just wanna understand why this is, why this system call returns different values if I'm in bash or if I'm in a unit.

thanks guys!

Alvaro Leiva Geisse
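The two views the post contrasts are different things: `getgroups(2)` reads the supplementary group list that the kernel keeps per process, which is only populated when something calls `setgroups(2)`/`initgroups(3)` (login(1) or PAM do this for a login session, and children inherit it across fork/exec), whereas `getgrouplist(3)` asks the user database through NSS what the groups *should* be. A service spawned by PID 1 is not a descendant of the login shell, so it never inherits that list. The small C program below, an added example that is not part of the original post or of systemd, prints both views for the current user and counts the database groups the process does not actually hold; running it as `./groupview` and as `systemd-run --pty ./groupview` reproduces the difference. The function names are this example's own. It also shows `initgroups(3)`, the call a login process makes to load the database groups, which needs CAP_SETGID.

```c
/* groupview.c: compare the supplementary groups a process actually holds
 * (getgroups: a per-process kernel attribute) with the groups the user
 * database lists for the user (getgrouplist: resolved through NSS).
 * Added example, not code from the original post or from systemd.
 * Build: cc -Wall -o groupview groupview.c
 * Run:   ./groupview          and          systemd-run --pty ./groupview
 */
#define _GNU_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

#define MAXG 256

/* Supplementary groups the kernel holds for the calling process.
 * This is what `id` (no argument) reports. Returns the count or -1. */
int process_groups(gid_t *buf, int max)
{
    int n = getgroups(0, NULL);          /* ask for the size only */
    if (n < 0 || n > max)
        return -1;
    return getgroups(n, buf);            /* n may legitimately be 0 */
}

/* Groups the user database (via NSS) lists for `name`, primary gid
 * first. This is what `id root` reports. Returns the count or -1. */
int database_groups(const char *name, gid_t primary, gid_t *buf, int max)
{
    int n = max;
    if (getgrouplist(name, primary, buf, &n) < 0)
        return -1;                       /* buffer too small */
    return n;
}

/* Convenience counters with no caller-supplied buffer. */
int process_group_count(void) { return getgroups(0, NULL); }

int database_group_count(const char *name, gid_t primary)
{
    gid_t buf[MAXG];
    return database_groups(name, primary, buf, MAXG);
}

/* 1 if the process holds gid g as a supplementary group, 0 if not, -1 on error. */
int process_has_group(gid_t g)
{
    gid_t buf[MAXG];
    int n = process_groups(buf, MAXG);
    if (n < 0)
        return -1;
    for (int i = 0; i < n; i++)
        if (buf[i] == g)
            return 1;
    return 0;
}

/* Number of database groups for `name` that the process does NOT hold.
 * The primary gid is skipped: it lives in getegid(), not in the
 * supplementary list. 0 means both views agree; -1 on error. */
int missing_from_process(const char *name, gid_t primary)
{
    gid_t db[MAXG];
    int n = database_groups(name, primary, db, MAXG), missing = 0;
    if (n < 0)
        return -1;
    for (int i = 0; i < n; i++) {
        if (db[i] == primary)
            continue;
        int h = process_has_group(db[i]);
        if (h < 0)
            return -1;
        missing += (h == 0);
    }
    return missing;
}

/* Load the database groups into the process the way login/PAM do.
 * Returns 1 if loaded and the two views now agree, 0 if not permitted
 * (needs CAP_SETGID), -1 if they still disagree after loading. */
int apply_database_groups(const char *name, gid_t primary)
{
    if (initgroups(name, primary) < 0)
        return 0;
    return missing_from_process(name, primary) == 0 ? 1 : -1;
}

int main(void)
{
    gid_t buf[MAXG];
    struct passwd *pw = getpwuid(geteuid());
    const char *name = pw ? pw->pw_name : "?";
    gid_t primary = pw ? pw->pw_gid : getegid();

    int n = process_groups(buf, MAXG);
    printf("getgroups    (%s): %d:", name, n);
    for (int i = 0; i < n; i++) printf(" %u", (unsigned)buf[i]);
    n = database_groups(name, primary, buf, MAXG);
    printf("\ngetgrouplist (%s): %d:", name, n);
    for (int i = 0; i < n; i++) printf(" %u", (unsigned)buf[i]);
    printf("\ndatabase groups not held by this process: %d\n",
           missing_from_process(name, primary));
    return 0;
}
```

In a login shell the last line prints 0; under `systemd-run` it prints the number of groups root is listed in besides its primary group, because the transient unit's process starts with an empty supplementary list. A unit that needs particular groups states them explicitly with `SupplementaryGroups=` in its `[Service]` section rather than relying on inheritance.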