The setgid() function always exits with a return value of -1 and an errno of
ENOSYS (function not implemented).  So there is no point in trying to call
setgid().

But this doesn't matter, because you are also calling setuid(), which is
implemented and does work.  It will change your uid as requested, but it will
also change your gid too to match the MPE account containing the user you just
switched to.  Thus setuid() implicitly does the same setgid() you would have
done if setgid() was really implemented.

Note that there is a side-effect of setuid() that will change your current
working directory to point to the new user's home group.  So you probably want
to save the cwd by calling getcwd() before setuid(), and then restore the cwd
by calling chdir() afterwards.

- Mark B.

Curtis Larsen wrote:
>
> Thanks -- yep, I'm trying to debug wether or not the system setgid()
> actually does anything, or if it's just "code placebo" somehow.  This is
> all due to the suexec.c code I'm working on, which verifies your GID
> then does a setgid() in addition to a setuid().  setuid() is certainly
> needed, but I'm not sure the setgid() is.
>
> According to your(?) notes regarding Apache, one of the differences MPE
> has is that GIDs aren't like UNIX, since the account names are
> "built-in" -- so I'm thinking setgid() is effectively pointless.  When I
> experiment and take out the setgid() code though, I get Bad Results
> (suexec doesn't finish compiling at all), so I was trying to trace down
> exactly what *else* happens when setgid() is called.

--
[log in to unmask]
Remainder of .sig suppressed to conserve scarce California electrons...

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *