I am trying to use Process::GID.change_privilege to get a root process
to assume the full group permissions of a specified user. However, it
seems that the process does not assume the proper group permissions of
the new group.
Consider the following scenario (running on Linux CentOS 5):
- I have a normal user account ‘scott’ with UID = GID = 502. This user
belongs to two groups (‘scott’ and ‘testdev’), which can be seen as
[scott@localhost ~]$ irb
=> "scott testdev\n"
- Now, when I run the ruby interpreter as root and attempt to switch to
user 502, I get the following output:
[root@localhost ~]# irb
=> "root bin daemon sys adm disk wheel\n"
=> "scott root bin daemon sys adm disk wheel\n"
Notice here how the process has correctly assumed the privileges of
group ‘scott’, but is missing the ‘testdev’ group.
Also, why does the process still have all the root user group
privileges too? Should they not have been revoked?
Note: if I do the same thing using shell commands I get the correct
result as expected:
[root@localhost ~]# groups
root bin daemon sys adm disk wheel
[root@localhost ~]# su - scott
[scott@localhost ~]$ groups
Can anyone please explain why this doesn’t work as expected? How can I
achieve this desired outcome with Ruby?
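
An added example, not part of the original post: Process::GID.change_privilege changes only the real, effective and saved GID and leaves the supplementary group list inherited from root untouched, whereas `su -` rebuilds that list, so a full drop calls Process.initgroups first, then changes the GID, then the UID. The helper names `group_drift` and `drop_privileges` are hypothetical, and the two sample group lists are constructed from the output quoted in the post.

```ruby
require 'etc'

# Compare the groups a process holds with the groups the target account
# should have. Accepts names or numeric ids.
def group_drift(actual, expected)
  { missing: expected - actual, stale: actual - expected }
end

# Drop from root to `username`. Order matters:
#   1. initgroups replaces the supplementary group list (needs root)
#   2. set the GID while the process is still root
#   3. set the UID last; after this nothing above can be redone
def drop_privileges(username)
  raise 'must start as root' unless Process.euid.zero?

  pw = Etc.getpwnam(username)
  expected = Process.initgroups(username, pw.gid)
  Process::GID.change_privilege(pw.gid)
  Process::UID.change_privilege(pw.uid)

  # Fail closed: verify the result instead of assuming the calls worked.
  drift = group_drift(Process.groups | [Process.egid], expected | [pw.gid])
  raise "group drop incomplete: #{drift}" unless drift.values.all?(&:empty?)
  raise 'uid drop failed' unless Process.uid == pw.uid && Process.euid == pw.uid

  drift
end

# Constructed sample data, taken from the group names shown in the post.
AFTER_GID_CHANGE_ONLY = %w[scott root bin daemon sys adm disk wheel].freeze
EXPECTED_FOR_SCOTT    = %w[scott testdev].freeze

if __FILE__ == $PROGRAM_NAME
  # What the post observed: 'testdev' missing, root's groups still present.
  p group_drift(AFTER_GID_CHANGE_ONLY, EXPECTED_FOR_SCOTT)
  # Run as root with a user name argument to perform the real drop.
  p drop_privileges(ARGV[0]) if ARGV[0]
end
```

The stale supplementary groups are the security-relevant part: a process that keeps root's `disk` or `wheel` membership after a UID change still has the file access those groups grant.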