Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #21477 > unrolled thread

[RFC] PEP 3143: supplementary group list concerns

Back to article view | Back to comp.lang.python

Contents

  [RFC] PEP 3143: supplementary group list concerns Jan Pokorný <jpokorny@redhat.com> - 2012-03-11 03:29 +0100
    Re: [RFC] PEP 3143: supplementary group list concerns Ben Finney <ben+python@benfinney.id.au> - 2012-03-12 09:27 +1100
      Re: [RFC] PEP 3143: supplementary group list concerns Jan Pokorný <jpokorny@redhat.com> - 2012-03-12 00:41 +0100

#21477 — [RFC] PEP 3143: supplementary group list concerns

Hello,

in the light of a recent spot in Python Paste [1], I've come across
the python-daemon [2] implementation and found it also lacks support
for supplementary groups.

First, I just wanted to post a patch to the author, but realized
the broader context of PEP 3143 that would probably deserve
revisiting at the first place.  As the target Python version
seems not to be decided yet, I see a space for it.

If the spirit of solution [2] was to be followed (i.e., initialize
this list with all groups of which user derived from `uid` is
a member + group derived from `gid` (regardless if `uid`/`gid`
is explicit), no change of the PEP would be necessary.
This fact of intented handling of supplementary groups under the hood
still could be mentioned so the users and authors of compatible
interfaces are aware of this "detail".

Another way (in the spirit of systemd [3]) is to extend the interface
with an option (named, e.g., supplementary_groups) for optional
specification of supplemental groups.  The default would be something
as in the previous paragraph.

To be honest, I am not sure how consistently is the concept of
supplementary groups used across various *nixes.
POSIX seems to admit variances, e.g. (via [4]):
----v----
The System Interfaces volume of IEEE Std 1003.1-2001 does not specify
whether the effective group ID of a process is included in its
supplementary group list.
----^----

But I believe this should be addressed before the PEP in question is
brought into effect.

[2] http://groups.google.com/group/paste-users/browse_thread/thread/2aa651ba331c2471
[3] http://0pointer.de/public/systemd-man/systemd.exec.html
[4] http://pubs.opengroup.org/onlinepubs/000095399/utilities/newgrp.html

Regards,
Jan

[toc] | [next] | [standalone]

#21508

Jan Pokorný <jpokorny@redhat.com> writes:

> in the light of a recent spot in Python Paste [1], I've come across
> the python-daemon [2] implementation and found it also lacks support
> for supplementary groups.

Thank you for your interest in ‘python-daemon’.

To know specifically what you're referring to in most of this message, I
think your reference ‘[1]’ is necessary; but you didn't provide it.

-- 
 \       “Pray, v. To ask that the laws of the universe be annulled in |
  `\     behalf of a single petitioner confessedly unworthy.” —Ambrose |
_o__)                           Bierce, _The Devil's Dictionary_, 1906 |
Ben Finney

[toc] | [prev] | [next] | [standalone]

#21511

On 12/03/12 09:27 +1100, Ben Finney wrote:
> Jan Pokorný <jpokorny@redhat.com> writes:
>
>> in the light of a recent spot in Python Paste [1], I've come across
>> the python-daemon [2] implementation and found it also lacks support
>> for supplementary groups.
>
> Thank you for your interest in ‘python-daemon’.
>
> To know specifically what you're referring to in most of this message,
> I think your reference ‘[1]’ is necessary; but you didn't provide it.

My bad, I've sent it with unfinished renumbering.
Please swap [1]+[2] in the quoted part and the missing reference is
http://pypi.python.org/pypi/python-daemon/
(for some reason, this points to 1.5.5, even though 1.6 is also there:
  http://pypi.python.org/pypi/python-daemon/1.6 ).

[toc] | [prev] | [standalone]

Back to top | Article view | comp.lang.python

csiph-web