GNU bug report logs - #38438
Fcgiwrap service has no supplementary groups

Previous Next

Package: guix;

Reported by: "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>

Date: Sat, 30 Nov 2019 18:50:02 UTC

Severity: normal

Full log

Message #8 received at 38438 <at> debbugs.gnu.org (full text, mbox):

From: "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>
To: 38438 <at> debbugs.gnu.org
Subject: Re: bug#38438: Fcgiwrap service has no supplementary groups
Date: Wed, 4 Dec 2019 11:22:12 +0100

[Message part 1 (text/plain, inline)]
I had hoped the attached quick hack would fix my issue when testing
with the attached vm-image config from
<https://lists.gnu.org/archive/html/guix-devel/2019-11/msg00421.html>.
That is, I wanted it to suffice to set Gitolite’s umask to #o0027 as
described in the manual instead of #o0022, after I do `usermod -aG git
fcgiwrap`.  But instead I get “Operation not permitted” error from
setgroups.  I will try again later with the position of setuid and
setgroups call swapped.

The hack makes make-forkexec-constructor use the supplementary groups
from the user.  Systemd uses them by default.  However they should be
made more configurable.

Regards,
Florian

[quick-hack.patch (text/plain, attachment)]
[test-vm-config.scm (application/vnd.lotus-screencam, attachment)]
This bug report was last modified 5 years and 192 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.