Saturday, December 29, 2018

Re: Purpose of primary and secondary user groups

On Sat, Dec 29, 2018 at 11:29 AM Ipsen S Ripsbusker <ipsen@ripsbusker.no.eu.org> wrote:

> Aside from compatibility, what is the purpose of primary groups,
> compared to secondary groups?
>
> Said otherwise, why do we have both primary and secondary groups
> rather than only secondary groups?
>
> Yet another phrasing: Why do I need to set a primary group?
>

Secondary groups can only be set, all at once, when running as root (e.g.,
login, sshd), while the primary group can be altered by setgid binaries and
then switched among using set*gid(2).

For filesystem objects like files and directories, the BSD behavior is for
the object to get its group from the directory in which it was created,
ignoring the groups of the process that created it. On more SysV-like
systems the default is to take the primary group of the process that
created it. However, for objects that exist in the kernel but not the
filesystem such as pipes, sockets, and SysV shared memory segments,
semaphores, and message queues, the common behavior is to take the primary
group of the process that created it. This doesn't have much effect other
than fstat() for pipes and sockets, but for SysV stuff it affects what
operations processes can perform.


Philip Guenther
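
The behavior described in the reply for pipes and SysV shared memory can be checked directly on a given system. The following is an added example, not part of the original message; it assumes the "primary group" is the process's effective GID as returned by getegid(), and the function names are hypothetical.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* expose the POSIX/XSI declarations used below */
#endif
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/ipc.h>
#include <sys/shm.h>

/* Each check returns 1 if the object's group is the creator's effective
 * GID, 0 if it is some other group, -1 if the object could not be made. */

int pipe_group_is_egid(void)
{
    int fds[2];
    struct stat st;
    int rc;

    if (pipe(fds) == -1)
        return -1;
    /* For a pipe the group is only visible through fstat(). */
    rc = fstat(fds[0], &st) == -1 ? -1 : (st.st_gid == getegid());
    close(fds[0]);
    close(fds[1]);
    return rc;
}

int shm_group_is_egid(void)
{
    struct shmid_ds ds;
    int rc;
    int id = shmget(IPC_PRIVATE, 4096, IPC_CREAT | 0600);

    if (id == -1)
        return -1;
    /* shm_perm.cgid is the creator's group; shm_perm.gid is the owning
     * group that the segment's group permission bits apply to. */
    if (shmctl(id, IPC_STAT, &ds) == -1)
        rc = -1;
    else
        rc = ds.shm_perm.cgid == getegid() && ds.shm_perm.gid == getegid();
    shmctl(id, IPC_RMID, NULL);   /* do not leave the segment behind */
    return rc;
}

int main(void)
{
    printf("egid=%ld pipe=%d shm=%d\n", (long)getegid(),
           pipe_group_is_egid(), shm_group_is_egid());
    return 0;
}
```

Running it under a different effective group (for example via newgrp or a setgid binary) changes the group recorded on both objects, while the supplementary group list has no influence on it.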
