[LU-3890] $RUNAS does not clear supplementary GID list Created: 05/Sep/13 Updated: 31/Jan/22 |
|
| Status: | Open |
| Project: | Lustre |
| Component/s: | None |
| Affects Version/s: | Lustre 2.5.0, Lustre 2.15.0 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Minor |
| Reporter: | John Hammond | Assignee: | WC Triage |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | test | ||
| Severity: | 3 |
| Rank (Obsolete): | 10142 |
| Description |
|
In lustre/tests/cfg/local.sh RUNAS is defined as "runas -u $RUNAS_ID -g $RUNAS_GID". This does not clear the supplementary GID list. Hence commands invoked by RUNAS have root group rights. # llmount.sh # cd /mnt/lustre # umask 0002 # touch f0 # ls -l f0 -rw-rw-r-- 1 root root 0 Sep 5 14:12 f0 # echo 'Archibald Barisol' | runas -u 500 -g 500 tee f0 running as uid/gid/euid/egid 500/500/500/500, groups: [tee] [f0] Archibald Barisol # cat f0 Archibald Barisol I don't know of a test that is directly affected by this but I lost some time because of it today. |
| Comments |
| Comment by Andreas Dilger [ 31/Jan/22 ] |
# runas -u 500 -g 500 id uid=500(tstusr) gid=500(tstgrp) groups=500(tstgrp),0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 |