setuid and setgid leaves user in 0 (wheel) group

petr999 has asked for the wisdom of the Perl Monks concerning the following question:

Hello, I do setgid the way I'm aware of. But user is still in 0 group after that:

uid=20020(fcgi) gid=20020(fcgi) groups=20020(fcgi),0(wheel)

of course it is not included in 0 group in /etc/groups

use POSIX;
my( $uid, $gid ) = qw/20020 20020/;
setgid( $gid ); $) = $gid; $( = $gid; die "Set group ($gid): $!"
  if ( $( != $gid ) or ( $) != $gid );
setuid( $uid ); $> = $uid; $< = $uid; die "Set user ($uid): $!"
  if ( $< != $uid ) or ( $> != $uid );
print `id`;
[download]

There are definitely things I'm missing here. Is it possible to avoid any other group from to appear on getgroups() ?
Thank you.

Peter Vereshagin peter@vereshagin.org http://vereshagin.org

Comment on setuid and setgid leaves user in 0 (wheel) group Download Code

Replies are listed 'Best First'.
Re: setuid and setgid leaves user in 0 (wheel) group by bingos (Vicar) on Dec 17, 2010 at 12:21 UTC
According to perlvar for $): The first number sets the effective gid, and the rest (if any) are passed to setgroups(). To get the effect of an empty list for setgroups(), just repeat the new effective gid So: `$) = "$gid $gid";` [download] The following code on my machine (NetBSD): use strict; use warnings; use POSIX; my( $uid, $gid ) = qw/32767 32766/; setgid( $gid ); $) = "$gid $gid"; $( = $gid; die "Set group ($gid): $! +" if ( $( != $gid ) or ( $) != $gid ); setuid( $uid ); $> = $uid; $< = $uid; die "Set user ($uid): $!" if ( $< != $uid ) or ( $> != $uid ); print `id`; [download] Produces: `uid=32767(nobody) gid=32766(nogroup) groups=32766(nogroup)` [download]	[reply] [d/l] [select]
Re^2: setuid and setgid leaves user in 0 (wheel) group by petr999 (Acolyte) on Dec 17, 2010 at 13:26 UTC
`$) = "$gid $gid"` [download] Cool, it works, thanks!	[reply] [d/l]


laziness, impatience, and hubris
	PerlMonks