GNU bug report logs -
#72012
[PATCH] id: Warn if user in more groups than `id` can reliably print
Previous Next
Reported by: Otto Kekäläinen <otto <at> kekalainen.net>
Date: Tue, 9 Jul 2024 14:51:01 UTC
Severity: normal
Tags: notabug, patch
Done: Pádraig Brady <P <at> draigBrady.com>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 72012 in the body.
You can then email your comments to 72012 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-coreutils <at> gnu.org:
bug#72012; Package
coreutils.
(Tue, 09 Jul 2024 14:51:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Otto Kekäläinen <otto <at> kekalainen.net>:
New bug report received and forwarded. Copy sent to
bug-coreutils <at> gnu.org.
(Tue, 09 Jul 2024 14:51:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
While rare, it is possible for a user to be a member in more groups than
what the system limit allows (on Linux typically NGROUPS_MAX=65536) and
if that is the case, running `id` or `id user` will not print all of
them. This is a minor bug, but easily fixable by emitting a warning if
it happens.
---
src/id.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/id.c b/src/id.c
index 38d5517bd..c572b2d99 100644
--- a/src/id.c
+++ b/src/id.c
@@ -401,6 +401,13 @@ print_full_info (char const *username)
ok &= false;
return;
}
+ else if (sysconf(_SC_NGROUPS_MAX) > 0 && n_groups > sysconf(_SC_NGROUPS_MAX))
+ {
+ fprintf (stderr,
+ _("Warning: User '%s' may be member of more groups than "\
+ "the system allows\n"),
+ (username != NULL) ? username : "");
+ }
if (n_groups > 0)
fputs (_(" groups="), stdout);
--
2.25.1
Information forwarded
to
bug-coreutils <at> gnu.org:
bug#72012; Package
coreutils.
(Tue, 09 Jul 2024 15:36:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 72012 <at> debbugs.gnu.org (full text, mbox):
On 09/07/2024 05:22, Otto Kekäläinen wrote:
> While rare, it is possible for a user to be a member in more groups than
> what the system limit allows (on Linux typically NGROUPS_MAX=65536) and
> if that is the case, running `id` or `id user` will not print all of
> them. This is a minor bug, but easily fixable by emitting a warning if
> it happens.
> ---
> src/id.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/src/id.c b/src/id.c
> index 38d5517bd..c572b2d99 100644
> --- a/src/id.c
> +++ b/src/id.c
> @@ -401,6 +401,13 @@ print_full_info (char const *username)
> ok &= false;
> return;
> }
> + else if (sysconf(_SC_NGROUPS_MAX) > 0 && n_groups > sysconf(_SC_NGROUPS_MAX))
> + {
> + fprintf (stderr,
> + _("Warning: User '%s' may be member of more groups than "\
> + "the system allows\n"),
> + (username != NULL) ? username : "");
> + }
>
> if (n_groups > 0)
> fputs (_(" groups="), stdout);
I'm a bit confused with this patch.
If the n_groups is larger than NGROUPS_MAX what consequence will it have?
I.e. is there any point to id(1) warning about this edge case?
id will be able to show all of the n_groups in this case right?
I interpret NGROUPS_MAX as a static limit(ation),
which more dynamic interfaces (like getgrouplist) are not constrained to.
cheers,
Pádraig
Information forwarded
to
bug-coreutils <at> gnu.org:
bug#72012; Package
coreutils.
(Tue, 09 Jul 2024 20:17:02 GMT)
Full text and
rfc822 format available.
Message #11 received at 72012 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hi!
The point is just to emit a warning when this happens. Sure it is rare but
the fix is pretty safe to apply.
[Message part 2 (text/html, inline)]
Information forwarded
to
bug-coreutils <at> gnu.org:
bug#72012; Package
coreutils.
(Tue, 09 Jul 2024 22:38:02 GMT)
Full text and
rfc822 format available.
Message #14 received at 72012 <at> debbugs.gnu.org (full text, mbox):
On 09/07/2024 21:15, Otto Kekäläinen wrote:
> Hi!
>
> The point is just to emit a warning when this happens. Sure it is rare but the fix is pretty safe to apply.
OK so id(1) will always show all groups it knows about.
Then the warning message might be along the lines of:
"warning: User '%s' is a member of more groups than the current system limit"
For reference I see a summary of limits of various systems at:
https://www.j3e.de/ngroups.html
cheers,
Pádraig
Information forwarded
to
bug-coreutils <at> gnu.org:
bug#72012; Package
coreutils.
(Tue, 09 Jul 2024 23:32:01 GMT)
Full text and
rfc822 format available.
Message #17 received at submit <at> debbugs.gnu.org (full text, mbox):
On 7/10/24 00:35, Pádraig Brady wrote:
> OK so id(1) will always show all groups it knows about.
> Then the warning message might be along the lines of:
>
> "warning: User '%s' is a member of more groups than the current
> system limit"
I also am not seeing the point of the proposed diagnostic. I daresay
most users would be more annoyed than usefully warned by the diagnostic;
I know I would.
The rare user concerned about being in "too many" groups can run
'getconf NGROUPS_MAX' and 'id -G | wc -w' and compare.
Information forwarded
to
bug-coreutils <at> gnu.org:
bug#72012; Package
coreutils.
(Wed, 10 Jul 2024 08:19:02 GMT)
Full text and
rfc822 format available.
Message #20 received at 72012 <at> debbugs.gnu.org (full text, mbox):
tag 72012 notabug
close 72012
stop
On 10/07/2024 00:31, Paul Eggert wrote:
> On 7/10/24 00:35, Pádraig Brady wrote:
>> OK so id(1) will always show all groups it knows about.
>> Then the warning message might be along the lines of:
>>
>> "warning: User '%s' is a member of more groups than the current
>> system limit"
>
> I also am not seeing the point of the proposed diagnostic. I daresay
> most users would be more annoyed than usefully warned by the diagnostic;
> I know I would.
>
> The rare user concerned about being in "too many" groups can run
> 'getconf NGROUPS_MAX' and 'id -G | wc -w' and compare.
Right.
Given that id can display all the groups,
it's not its responsibility to display potential limits from elsewhere.
cheers,
Pádraig
Added tag(s) notabug.
Request was from
Pádraig Brady <P <at> draigBrady.com>
to
control <at> debbugs.gnu.org.
(Wed, 10 Jul 2024 08:19:02 GMT)
Full text and
rfc822 format available.
bug closed, send any further explanations to
72012 <at> debbugs.gnu.org and Otto Kekäläinen <otto <at> kekalainen.net>
Request was from
Pádraig Brady <P <at> draigBrady.com>
to
control <at> debbugs.gnu.org.
(Wed, 10 Jul 2024 08:19:02 GMT)
Full text and
rfc822 format available.
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Wed, 07 Aug 2024 11:24:07 GMT)
Full text and
rfc822 format available.
This bug report was last modified 327 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.