
Re: Could svn check permissions?

From: Colin Watson <cjwatson_at_flatline.org.uk>
Date: 2003-09-09 03:32:03 CEST

On Mon, Sep 08, 2003 at 02:50:39PM -0400, John Peacock wrote:
> Jack Repenning wrote:
> >You can still setgid() if the user ID is a member of the group, I
> >think.

You may only setgid() if the provided gid is your real or saved gid, or
if you have "appropriate privileges", which almost always means uid 0.
As a general rule, group membership affects filesystem permissions
(access control, ability to chown() to that group) rather than process
permissions.

  http://www.opengroup.org/onlinepubs/007904975/functions/setgid.html

> >If you're trying to set yourself to a group of which you're not a
> >member, that would be a little weird anyway...
>
> That's what I thought too, but it kept throwing errors. My reading of
> setgid() for unprivileged processes was that it could only switch to the
> real or saved group, not some other group that the user happened to be a
> member of. Doesn't make much sense to me...

When dropping privileges you generally need to do setgroups(), then
setgid(), then setuid().

Cheers,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]
Received on Tue Sep 9 03:33:32 2003
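
The setgroups(), setgid(), setuid() order described in the message above, as an added example that is not part of the original mail or of Subversion's code. The function name drop_privileges and the "nobody" id 65534 used in main() are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE   /* exposes setgroups() in glibc headers */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Permanently switch to (uid, gid). Returns 0 on success, -1 with errno set.
 * Order matters: setuid() gives up the privilege that setgroups() and
 * setgid() depend on, so it has to come last.
 */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0) {               /* "dropping" to root is a caller bug */
        errno = EINVAL;
        return -1;
    }
    /* 1. Supplementary groups. Only a privileged process may call
     *    setgroups(); an unprivileged one cannot change its list. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    /* 2. Group IDs, while we are still allowed to change them. */
    if (setgid(gid) != 0)
        return -1;
    /* 3. User IDs, last. */
    if (setuid(uid) != 0)
        return -1;
    /* Verify: the IDs took effect and root cannot be regained. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid || setuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Assumed target: "nobody" (65534) when started as root, else ourselves. */
    uid_t uid = geteuid() == 0 ? 65534 : getuid();
    gid_t gid = geteuid() == 0 ? 65534 : getgid();
    if (drop_privileges(uid, gid) != 0) {
        perror("drop_privileges");
        return 1;
    }
    printf("now uid=%ld gid=%ld\n", (long)getuid(), (long)getgid());
    return 0;
}
```

Every return value is checked because a failed setgid() or setuid() that goes unnoticed leaves the process running with the IDs it was meant to give up.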

This is an archived mail posted to the Subversion Dev mailing list.