Discussion:
initgroups/ getgrouplist why additional group?
Rainer Weikusat
2024-05-22 21:17:53 UTC
The initgroups and getgrouplist functions take an additional gid
argument and this gid is added to the set of returned groups
(getgrouplist) or groups the supplementary group list is set to
(initgroups). Man pages for the latter typically say something like

This is typically the real group ID from the user database.

about the additional gid argument.

One could argue that the additional
gid argument to getgrouplist makes some sense because it's supposed to
return all groups the user is a member of, although that's still a weird
interface. But for initgroups, this gid will end up on the supplementary
groups list of the process, taking up one of the available slots there,
although this isn't necessary (on Linux at least) when - as suggested by
the manpage - the passed value is the user's primary group which will
usually be (or need to become if a persona change is supposed to take
place) the (e)gid of the process.

I assume this additional argument is good for something in some
situation, however, I have no idea what this something and said
situation could be. Does anybody know more about this and would be
willing to share it?
vallor
2024-05-26 06:14:29 UTC
On Wed, 22 May 2024 22:17:53 +0100, Rainer Weikusat
Post by Rainer Weikusat
> The initgroups and getgrouplist functions take an additional gid
> argument and this gid is added to the set of returned groups
> (getgrouplist) or groups the supplementary group list is set to
> (initgroups). Man pages for the latter typically say something like
>
> This is typically the real group ID from the user database.
>
> about the additional gid argument.
>
> One could argue that the additional gid argument to getgrouplist makes
> some sense because it's supposed to return all groups the user is a member
> of, although that's still a weird interface. But for initgroups, this
> gid will end up on the supplementary groups list of the process, taking
> up one of the available slots there, although this isn't necessary (on
> Linux at least) when - as suggested by the manpage - the passed value is
> the user's primary group which will usually be (or need to become if a
> persona change is supposed to take place) the (e)gid of the process.
>
> I assume this additional argument is good for something in some
> situation, however, I have no idea what this something and said
> situation could be. Does anybody know more about this and would be
> willing to share it?

Beats me why it's done this way, but thought I'd point out that
on Linux, NGROUPS_MAX -- though it used to be only 16 -- is now
65536.

Just checked MacOS though -- there, it is still 16.

#include <stdio.h>
#include <limits.h>

int main(void)
{
    printf("%d\n", NGROUPS_MAX);

    return 0;
}
--
-v
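
Added example, not code from either poster: it calls getgrouplist() with a small buffer, grows it when the call returns -1, and checks that the gid passed as the second argument comes back in the list, which is the behaviour the thread asks about. It assumes Linux with glibc; the helper names, the "root" fallback and gid 54321 are constructed for illustration.

```c
#define _DEFAULT_SOURCE          /* exposes getgrouplist() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Group list for `user` as getgrouplist() reports it when handed `extra`.
 * Caller frees the result; the entry count is stored in *n. */
gid_t *groups_with(const char *user, gid_t extra, int *n)
{
    int cap = 16;                         /* deliberately small first guess */
    gid_t *list = malloc(cap * sizeof *list);

    while (list) {
        *n = cap;
        if (getgrouplist(user, extra, list, n) != -1)
            return list;                  /* the whole list fit */
        /* Too small: glibc stores the needed count in *n; else double. */
        cap = (*n > cap) ? *n : cap * 2;
        gid_t *bigger = realloc(list, cap * sizeof *list);
        if (!bigger)
            free(list);
        list = bigger;
    }
    return NULL;
}

/* 1 if `extra` is in the list returned for `user`, 0 if not, -1 on error. */
int extra_gid_is_returned(const char *user, gid_t extra)
{
    int n, found = 0;
    gid_t *list = groups_with(user, extra, &n);
    if (!list)
        return -1;
    for (int i = 0; i < n; i++)
        found |= (list[i] == extra);
    free(list);
    return found;
}

int main(void)
{
    struct passwd *pw = getpwuid(getuid());
    const char *user = pw ? pw->pw_name : "root";   /* fallback: assumption */
    gid_t constructed = 54321;                      /* constructed sample gid */

    printf("primary gid in list: %d\n",
           extra_gid_is_returned(user, pw ? pw->pw_gid : getgid()));
    printf("gid %lu in list: %d\n", (unsigned long)constructed,
           extra_gid_is_returned(user, constructed));
    return 0;
}
```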