I am trying to use Process::GID.change_privilege to get a root process
to assume the full group permissions of a specified user. However, it
seems that the process does not assume the proper group permissions of
the new group.
Consider the following scenario (running on Linux Centos 5):
* I have a normal user account 'scott' with UID = GID = 502. This user
belongs to two groups ('scott' and 'testdev'), which can be seen as
[scott@localhost ~]$ irb
=> "scott testdev\n"
* Now, when I run the ruby interpreter as root and attempt to switch to
user 502, I get the following output:
[root@localhost ~]# irb
=> "root bin daemon sys adm disk wheel\n"
=> "scott root bin daemon sys adm disk wheel\n"
* Notice here how the process has correctly assumed the privileges of
group 'scott', but is missing the 'testdev' group.
* Also, why does the process still have all the root user group
privileges too? Should they not have been revoked?
Note: if I do the same thing using shell commands I get the correct
result as expected:
[root@localhost ~]# groups
root bin daemon sys adm disk wheel
[root@localhost ~]# su - scott
[scott@localhost ~]$ groups
Can anyone please explain why this doesn't work as expected? How can I
achieve this desired outcome with ruby?
Posted via http://www.ruby-forum.com/.