Fix behaviour of group initialisation when run-as specified by uid

The "run-as" setting can be specified via numerical user id rather than username. This is intended mainly for cases where services may be loaded before the system user ("passwd") and group database are available, eg. in early initial ramdisk. Documentation has always stated that if a numerical setting is used, the group is not looked up from the database and the process runs as the same group as dinit. The behaviour had diverged from this; restore that behaviour now. In addition, clarify in the documentation that supplementary groups are dropped in this case.
davmac314 · Aug 11, 2023 · 985ce98 · 985ce98
1 parent 0212d3c
commit 985ce98
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 4 deletions.
diff --git a/doc/manpages/dinit-service.5.m4 b/doc/manpages/dinit-service.5.m4
@@ -163,9 +163,11 @@ The value is subject to variable substitution (see \fBVARIABLE SUBSTITUTION\fR).
 Specifies which user to run the process(es) for this service as.
 Specify as a username or numeric ID.
 If specified by name, the group for the process will also be set to the primary
-group of the specified user.
-Supplementary groups will be initialized unless disabled, not supported on
-the platform, or the user could not be found in passwd database.
+group of the specified user, and supplementary groups will be initialised (unless support
+for them is disabled) according to the system's group database.
+If specified by number, the group for the process will remain the same as that of the
+running \fBdinit\fR process, and all supplementary groups will be dropped (unless support
+has been disabled).
 .TP
 \fBenv\-file\fR = \fIfile\fR
 Specifies a file containing value assignments for environment variables, in the same

diff --git a/src/includes/load-service.h b/src/includes/load-service.h
@@ -1014,7 +1014,13 @@ class service_settings_wrapper
         // likewise for "run as" gid/uid, but only if we aren't supporting supplementary group initialisation
         // (if we do support supplementary groups, run_as_gid==-1 means "use the user groups including
         // supplementary groups" whereas run_as_gid==X means "use group X with no supplementary groups").
-#if !USE_INITGROUPS
+#if USE_INITGROUPS
+        if (run_as_uid_gid == -1 && run_as_gid == -1) {
+            // run-as-UID specified by number; set run_as_gid to inhibit initialisation of
+            // supplementary groups
+            run_as_gid = getgid();
+        }
+#else // !USE_INITGROUPS
         if (run_as_gid == (gid_t)-1) run_as_gid = run_as_uid_gid;
 #endif