[OpenAFS-devel] setgroups() fails to change pag under linux 2.6

Fri, 14 Jul 2006 11:55:25 -0500

I have a "pag manager" I'm trying to migrate from linux 2.4 to linux 2.6, and 
I seem to have hit a wall.

The manager's function is to select an appropriate (preexisting) pag based on 
the user's identity, cause it to become the pag for the current process, 
and exec a target program.

Under linux 2.4, if I happened to know the group IDs for a given pag, sample 
code like the following allowed a euid=0 process to acquire that pag:

int joinpag (int g0, int g1)
{
  int res, ngroups;
  gid_t grouplist[NGROUPS_MAX];

  if ((ngroups = getgroups (NGROUPS_MAX, grouplist))<0) { return -1; }

  grouplist[0] = (gid_t)g0;
  grouplist[1] = (gid_t)g1;

  if ((res = setgroups (ngroups, grouplist)) < 0) { return -2; }

  return 0;
}

If I try this with a 2.6 kernel, the groups g0 and g1 end up at the _end_ of 
the groups list, and the original pag remains active.

Have other people run into this?  Is there an alternative method to joining an 
existing pag?

Thanks in advance.

Dave Thompson
UW-Madison