Re: [hackers] [slock] [PATCH] Properly drop privileges

From: Markus Teich <>
Date: Thu, 8 Sep 2016 23:46:46 +0200


Quentin Rameau wrote:
> > > Just a question though, do we need to set a group to drop privileges
> > > to? Wouldn't getting the gid out of the user name sufficient?
> >
> > why cut the flexibility there?
> It looks more simple to me to just give a user to drop privileges to.
> A user always has a group attached to it, I guess if you setup a user
> to give out all privileges, the corresponding group will be the same.
> I'm not against having it, just raising the question as imho it
> introduces (relative) configuration complexity rather than flexibility.

I think its not much of a complexity to specify the group as well and also is
more explicit than implicitly using the users default group (which might have
some surprises).

> Again I'm not really against that, just asking for some opinions.
> I've got yours!

I don't have a clear opinion on the nogroup vs. nobody matter, but since it is
just a default and can easily be changed I just merged the patch for now (I hope
I got the correct version). If somebody[0] gives a good argument, we'll just
change the default.

Thanks for the contribution, FRIGN.


Received on Thu Sep 08 2016 - 23:46:46 CEST

This archive was generated by hypermail 2.3.0 : Thu Sep 08 2016 - 23:48:17 CEST