[systemd-devel] getgroups returning a different result

aleivag aleivag at gmail.com
Fri Jun 15 04:35:06 UTC 2018


hi systemd'ers, i'm sure this is known, but for the life of me i can't
seem to know why.

tldr; apparently i lose all auxiliary groups of root when i execute a unit.

i'll explain (i tried this on v238).

when i'm logged in as root, and i execute `id` i get all the groups that
root belongs to. but when i do the same in a systemd unit (e.g. under a
transient unit, a la systemd-run) i lose all groups. i suspect that this is
because the getgroups system call returns a different value, but for the
life of me, i don't know why or how. i'll show

on my normal bash

```
[homex ~]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),19(log)
```

i get all the groups, but if i run it with systemd-run

```
[homex ~]# systemd-run --pty id
Running as unit: run-u207.service
Press ^] three times within 1s to disconnect TTY.
uid=0(root) gid=0(root) groups=0(root)
```

the only group i see is root. now for the semi weird part: if i execute
`id root`, i do get all the groups

```
[homex ~]# systemd-run --pty id root
Running as unit: run-u220.service
Press ^] three times within 1s to disconnect TTY.
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),19(log)
```

this is because getgroups returns a different value if i'm in the unit or
logged in

```
[homex ~]# strace id 2>&1 | grep getgroups
getgroups(0, NULL)                      = 8
getgroups(8, [0, 1, 2, 3, 4, 6, 10, 19]) = 8

[homex ~]# systemd-run --pty strace id 2>&1 | grep getgroups
getgroups(0, NULL)                      = 0
getgroups(0, [])                        = 0
```

and the reason why i get all the groups when i execute `id root` is
because that does not ask for groups, but calls libnss instead

```
[homex ~]# systemd-run --pty strace id root 2>&1 | grep getgroups
[homex ~]# systemd-run --pty strace id root 2>&1 | grep libnss
openat(AT_FDCWD, "/usr/lib/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/lib/libnss_mymachines.so.2", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/lib/libnss_systemd.so.2", O_RDONLY|O_CLOEXEC) = 3
```

i guess i just wanna understand why this is, why this system call returns
different values if i'm in bash or if i'm in a unit.

thanks guys!

Alvaro Leiva Geisse
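
Added example, not part of the original post: a Python check that compares the two views shown above, the supplementary groups held by the running process (getgroups(2), what plain `id` prints) and the groups the user database lists for the same user (getgrouplist(3) through NSS, what `id root` prints). The function names are chosen for this example.

```python
#!/usr/bin/env python3
"""Report drift between process credentials and the group database."""
import grp
import os
import pwd


def group_drift(process_gids, database_gids, egid):
    """Return (missing, extra) as sorted lists of GIDs.

    missing: listed in the group database but not held by the process
    extra:   held by the process but not listed in the group database
    The effective GID counts as held, because id(1) prints it even when
    getgroups() returns an empty list.
    """
    held = set(process_gids) | {egid}
    listed = set(database_gids)
    return sorted(listed - held), sorted(held - listed)


def name_of(gid):
    """Resolve a GID to a group name, or '?' if the database has none."""
    try:
        return grp.getgrgid(gid).gr_name
    except KeyError:
        return "?"


def current_drift():
    """Compare this process's groups with the database entry for its user."""
    pw = pwd.getpwuid(os.geteuid())
    process = os.getgroups()                            # kernel credentials
    database = os.getgrouplist(pw.pw_name, pw.pw_gid)   # NSS lookup
    return pw.pw_name, group_drift(process, database, os.getegid())


def fmt(gids):
    return ",".join(f"{g}({name_of(g)})" for g in gids) or "-"


if __name__ == "__main__":
    user, (missing, extra) = current_drift()
    print(f"user={user} missing={fmt(missing)} extra={fmt(extra)}")
    # Non-zero exit when the process lacks groups the database grants.
    raise SystemExit(1 if missing else 0)
```

Run it once from a login shell and once under `systemd-run --pty` to see the difference as a list of missing groups rather than two `id` outputs to compare by eye.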