From tobez@plab.ku.dk  Sat Dec 11 11:45:03 1999
Return-Path: <tobez@plab.ku.dk>
Received: from plab.ku.dk (plab.ku.dk [130.225.105.65])
	by hub.freebsd.org (Postfix) with ESMTP id 815BA15162
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 11 Dec 1999 11:45:02 -0800 (PST)
	(envelope-from tobez@plab.ku.dk)
Received: from lion.plab.ku.dk (lion.plab.ku.dk [130.225.105.49])
	by plab.ku.dk (8.9.3/8.9.3) with ESMTP id UAA54147
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 11 Dec 1999 20:46:18 +0100 (CET)
	(envelope-from tobez@plab.ku.dk)
Received: (from tobez@localhost)
	by lion.plab.ku.dk (8.9.3/8.9.3) id UAA51696;
	Sat, 11 Dec 1999 20:45:04 +0100 (CET)
	(envelope-from tobez)
Message-Id: <199912111945.UAA51696@lion.plab.ku.dk>
Date: Sat, 11 Dec 1999 20:45:04 +0100 (CET)
From: tobez@plab.ku.dk
Reply-To: tobez@plab.ku.dk
To: FreeBSD-gnats-submit@freebsd.org
Subject: initgroups(3) spits out messages to stderr;  it probably shouldn't
X-Send-Pr-Version: 3.2

>Number:         15421
>Category:       misc
>Synopsis:       initgroups(3) spits out messages to stderr;  it probably shouldn't
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    tobez
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Dec 11 11:50:02 PST 1999
>Closed-Date:    Wed Nov 28 02:48:16 PST 2001
>Last-Modified:  Wed Nov 28 02:56:11 PST 2001
>Originator:     Anton Berezin
>Release:        FreeBSD 4.0-CURRENT i386
>Organization:
The Protein Laboratory, University of Copenhagen
>Environment:

src/lib/libc/gen/initgroups.c since 1994.

>Description:

On two occasions, initgroups(3) uses warn()/warnx() to print messages on
the standard error.  The first one might be justified (`user is in too
many groups'), the second one, which reports the failure of the call to
setgroups(2), is definitely not:  in this case initgroups(3) returns -1,
and errno will be set by setgroups(2), so the caller is able to perform
a check on its own.

This warning bites, for example, when CVS in pserver mode is run as
non-root:  the warning gets printed due to EPERM, and the CVS client
gets confused by unexpected output.

If, for whatever reasons, you decide to keep this warning, please do fix
the manpage, which does not say a thing about such behavior.  A good
example is the getbsize(3) manpage, it clearly states the possibility of
writing warning messages.

>How-To-Repeat:

Compile and run as non-root this program:

   #include <errno.h>
   #include <unistd.h>
   #include <sys/types.h>
   #include <pwd.h>

   int
   main( void)
   {
      struct passwd *pw = getpwuid( getuid());

      if (!pw)
         errc( 1, errno, "getpwuid() failed");
      if ( initgroups( pw-> pw_name, pw-> pw_gid) < 0)
         errc( 1, errno, "initgroups(3) failed");
      return 0;
   }

You should get this:

   initg: setgroups: Operation not permitted
   initg: initgroups(3) failed: Operation not permitted

>Fix:

The fix I prefer (note that the first warning stays where it is):

--- /usr/src/lib/libc/gen/initgroups.c	Fri Jul 12 20:53:56 1996
+++ initgroups.c	Sat Dec 11 20:30:54 1999
@@ -53,7 +53,6 @@
 		warnx("%s is in too many groups, using first %d",
 		    uname, ngroups);
 	if (setgroups(ngroups, groups) < 0) {
-		warn("setgroups");
 		return (-1);
 	}
 	return (0);
--- /usr/src/lib/libc/gen/initgroups.3	Sun Aug 29 12:40:15 1999
+++ initgroups.3	Sat Dec 11 20:42:03 1999
@@ -58,6 +58,13 @@
 is automatically included in the groups list.
 Typically this value is given as
 the group number from the password file.
+.Pp
+If the user is in too many groups, a warning message is written
+to standard error and the first
+.Dv NGROUPS ,
+as defined in 
+.Ao Pa sys/param.h Ac ,
+are used.
 .Sh RETURN VALUES
 The
 .Fn initgroups


Cheers, Anton.


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->tobez 
Responsible-Changed-By: tobez 
Responsible-Changed-When: Thu Jun 14 01:41:48 PDT 2001 
Responsible-Changed-Why:  
It's my PR. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=15421 

From: Ruslan Ermilov <ru@FreeBSD.ORG>
To: Terry Lambert <tlambert2@mindspring.com>
Cc: Max Khon <fjoe@iclub.nsu.ru>, current@FreeBSD.ORG,
	tobez@FreeBSD.ORG
Subject: Re: misc/15421 (was: Re: initgroups)
Date: Mon, 19 Nov 2001 18:19:50 +0200

 On Tue, Nov 13, 2001 at 02:28:57PM -0800, Terry Lambert wrote:
 > Max Khon wrote:
 > > 
 > > hi, there!
 > > 
 > > Any objections if I will commit the following patch (see PR/15421)?
 > 
 > Can setgroups return a positive number?  If so, you've just changed
 > the semantics of the funtion; before, it used to return 0 on 0 or a
 > positive number.
 > 
 No.  setgroups() is a syscall, and as such returns either 0 or -1.
 
 > Also, is removing the _warn() really the only thing you want to
 > accomplish?  It should probably be seperate.
 > 
 I have intended to commit the below patch for almost a year now,
 just haven't had enough time to actually fo it.  NetBSD runs with
 this fix since 1999.
 
 Index: initgroups.c
 ===================================================================
 RCS file: /home/ncvs/src/lib/libc/gen/initgroups.c,v
 retrieving revision 1.4
 diff -u -p -r1.4 initgroups.c
 --- initgroups.c	2001/08/29 13:52:26	1.4
 +++ initgroups.c	2001/11/19 16:16:11
 @@ -56,12 +56,6 @@ initgroups(uname, agroup)
  	int groups[NGROUPS], ngroups;
  
  	ngroups = NGROUPS;
 -	if (getgrouplist(uname, agroup, groups, &ngroups) < 0)
 -		warnx("%s is in too many groups, using first %d",
 -		    uname, ngroups);
 -	if (setgroups(ngroups, groups) < 0) {
 -		_warn("setgroups");
 -		return (-1);
 -	}
 -	return (0);
 +	getgrouplist(uname, agroup, groups, &ngroups);
 +	return (setgroups(ngroups, groups);
  }
 Index: initgroups.3
 ===================================================================
 RCS file: /home/ncvs/src/lib/libc/gen/initgroups.3,v
 retrieving revision 1.10
 diff -u -p -r1.10 initgroups.3
 --- initgroups.3	2001/10/01 16:08:51	1.10
 +++ initgroups.3	2001/11/19 16:16:11
 @@ -61,10 +61,14 @@ is automatically included in the groups 
  Typically this value is given as
  the group number from the password file.
  .Sh RETURN VALUES
 +.Rv -std initgroups
 +.Sh ERRORS
  The
  .Fn initgroups
 -function
 -returns \-1 if it was not invoked by the super-user.
 +function may fail and set
 +.Va errno
 +for any of the errors specified for the library function
 +.Xr setgroups 2 .
  .Sh SEE ALSO
  .Xr setgroups 2 ,
  .Xr getgrouplist 3
 
 
 Cheers,
 -- 
 Ruslan Ermilov		Oracle Developer/DBA,
 ru@sunbay.com		Sunbay Software AG,
 ru@FreeBSD.org		FreeBSD committer,
 +380.652.512.251	Simferopol, Ukraine
 
 http://www.FreeBSD.org	The Power To Serve
 http://www.oracle.com	Enabling The Information Age
State-Changed-From-To: open->closed 
State-Changed-By: tobez 
State-Changed-When: Wed Nov 28 02:48:16 PST 2001 
State-Changed-Why:  
A different fix committed. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=15421 
>Unformatted:
