CC-tea/coreutils
1
0
Fork 0
mirror of git://git.sv.gnu.org/coreutils.git synced 2026-02-13 19:02:02 +02:00
Code Issues Projects Releases Wiki Activity
Files
master
coreutils/tests/chroot/chroot-credentials.sh

124 lines
4.3 KiB
Bash
Raw Permalink Normal View History

chroot: accept new options --userspec=U:G and --groups=G1,G2,G3 * NEWS: Note chroot's new options. * doc/coreutils.texi: Document them. * src/chroot.c (main): Add support for --userspec and --groups. * tests/Makefile.am (root-tests): Add chroot/credentials. * tests/chroot/credentials: New file. * tests/test-lib.sh: Define NON_ROOT_GROUP to a default value.
2009-05-01 23:50:11 +02:00
#!/bin/sh
# Verify that the credentials are changed correctly.
maint: run 'make update-copyright'
2026-01-01 10:56:16 -08:00
# Copyright (C) 2009-2026 Free Software Foundation, Inc.
chroot: accept new options --userspec=U:G and --groups=G1,G2,G3 * NEWS: Note chroot's new options. * doc/coreutils.texi: Document them. * src/chroot.c (main): Add support for --userspec and --groups. * tests/Makefile.am (root-tests): Add chroot/credentials. * tests/chroot/credentials: New file. * tests/test-lib.sh: Define NON_ROOT_GROUP to a default value.
2009-05-01 23:50:11 +02:00
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
all: prefer HTTPS in URLs
2017-09-19 01:13:23 -07:00
# along with this program. If not, see <https://www.gnu.org/licenses/>.
chroot: accept new options --userspec=U:G and --groups=G1,G2,G3 * NEWS: Note chroot's new options. * doc/coreutils.texi: Document them. * src/chroot.c (main): Add support for --userspec and --groups. * tests/Makefile.am (root-tests): Add chroot/credentials. * tests/chroot/credentials: New file. * tests/test-lib.sh: Define NON_ROOT_GROUP to a default value.
2009-05-01 23:50:11 +02:00
build: don't use recursive make for tests/ subdirectory * Makefile.am (SUBDIRS): Remove 'tests'. (include): The '$(top_srcdir)/tests/local.mk' file. (check-root): Remove this convenience target, it's no longer needed now that the "real" check-root target once in 'tests/Makefile' will land in the top-level makefile. * configure.ac (AC_CONFIG_FILES): Remove 'tests/Makefile'. * tests/Makefile.am: Rename ... * tests/local.mk: ... like this, with a lot of adjustments. * tests/init.cfg: Move ... * init.cfg: ... here. This is necessary, for a limitation of the gnulib-provided 'tests/init.sh', which unconditionally look for 'init.cfg' in the $(srcdir) directory. * tests/*/*.sh: Adjust: expect init.sh to be in '$srcdir/tests', not in '$srcdir', and extend $PATH with './src', not with '../src'. * tests/Coreutils.pm: Adjust similarly. * tests/pr/pr-tests.pl ($pfx): Likewise.
2012-09-02 21:55:12 +02:00
. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
tests: substitute the single-program $VERBOSE/--version uses Automatically make all of the changes like this: -test "$VERBOSE" = yes && chgrp --version +print_ver_ chgrp git grep -l 'VERBOSE.*--version'|xargs perl -pi -e \ 's/test "\$VERBOSE" = yes && (\w+) --version/print_ver_ $1/'
2010-11-17 21:35:31 +01:00
print_ver_ chroot
chroot: accept new options --userspec=U:G and --groups=G1,G2,G3 * NEWS: Note chroot's new options. * doc/coreutils.texi: Document them. * src/chroot.c (main): Add support for --userspec and --groups. * tests/Makefile.am (root-tests): Add chroot/credentials. * tests/chroot/credentials: New file. * tests/test-lib.sh: Define NON_ROOT_GROUP to a default value.
2009-05-01 23:50:11 +02:00
require_root_
tests: add extra protection against unexpected exits Many tests use `program ... && fail=1` to ensure expected error situations are indicated. However that would mask an unexpected exit (like a crash). Therefore explicitly check the expected exit code. Note where error messages are also verified, the extra protection is not added. * tests/init.sh (returns_): A new helper function to check the return code of a command, and used throughout the tests. * cfg.mk (sc_prohibit_and_fail_1): Add a syntax check to avoid new instances of this issue.
2015-01-13 03:30:33 +00:00
EXIT_CANCELED=125
chroot: improve --userspec and --groups look-up - Support arbitrary numbers in --groups, consistent with what is already done for --userspec - Avoid look-ups entirely for --groups items with a leading '+' - Support names that are actually numbers in --groups - Ignore an empty --groups="" option for consistency with --userspec - Look up both inside and outside the chroot with inside taking precedence. The look-up outside may load required libraries to complete the look-up inside the chroot. This can happen for example with a 32 bit chroot on a 64 bit system, where the 32 bit NSS plugins within the chroot fail to load. * src/chroot.c (parse_additional_groups): A new function refactored from set_addition_groups(), to just do the parsing. The actual setgroups() call is separated out for calling from the chroot later. (main): Call parse_user_spec() and parse_additional_groups() both outside and inside the chroot for the reasons outlined above. * tests/misc/chroot-credentials.sh: Ensure arbitrary numeric IDs can be specified without causing look-up errors. * NEWS: Mention the improvements. * THANKS.in: Add Norihiro Kamae who initially reported the issue with a proposed patch. Also thanks to Dmitry V. Levin for his diagnosis and sample patch.
2014-03-03 01:54:36 +00:00
grep '^#define HAVE_SETGROUPS 1' "$CONFIG_HEADER" >/dev/null \
&& HAVE_SETGROUPS=1
root=$(id -nu 0) || skip_ "Couldn't look up root username"
chroot: accept new options --userspec=U:G and --groups=G1,G2,G3 * NEWS: Note chroot's new options. * doc/coreutils.texi: Document them. * src/chroot.c (main): Add support for --userspec and --groups. * tests/Makefile.am (root-tests): Add chroot/credentials. * tests/chroot/credentials: New file. * tests/test-lib.sh: Define NON_ROOT_GROUP to a default value.
2009-05-01 23:50:11 +02:00
chroot: with --userspec clear root's supplemental groups It's dangerous and confusing to leave root's supplemental groups in place when specifying other users with --userspec. In the edge case that that is desired one can explicitly specify --groups. Also we implicitly set the system defined supplemental groups for a user. The existing mechanism where supplemental groups needed to be explicitly specified is confusing and not general when the lookup needs to be done within the chroot. Also we extend the --groups syntax slightly to allow clearing the set of supplementary groups using --groups=''. * src/chroot.c (setgroups): On systems without supplemental groups, clearing then is a noop and so should return success. (main): Lookup the primary GID with getpwuid() when just a numeric uid is specified, and also infer the USERNAME from this call, needed when we're later looking up the supplemental groups for a user. Support clearing supplemental groups, either implicitly for unknown users, or explicitly when --groups='' is specified. * tests/misc/chroot-credentials.sh: Various new test cases * doc/coreutils.texi (chroot invocation): Adjust for the new behavior. * NEWS: Mention the change in behavior.
2014-05-16 09:50:24 +01:00
# verify numeric IDs looked up similarly to names
NON_ROOT_UID=$(id -u $NON_ROOT_USERNAME)
tests: use predetermined NON_ROOT_GID * HACKING: GID is more useful in tests than group name, so rename input param from NON_ROOT_GROUP to NON_ROOT_GID to make it obvious that only a group ID is now acceptable, thus allowing GID lookups to be avoided throughout the tests. * init.cfg (require_root_): Likewise. * tests/misc/truncate-owned-by-other.sh: Avoid looking up the GID. * tests/touch/now-owned-by-other.sh: Likewise. * tests/misc/chroot-credentials.sh: Likewise. Also fix an instance of comparison against NON_ROOT_GROUP which would have given a false failure if a non numeric value was passed in. * tests/id/setgid.sh: Use previously looked up gid as a more accurate base for the subsequent adjustment, and move the uid lookup within chroot, rather than having the overhead of a separate `id` invocation.
2014-06-26 12:41:01 +01:00
NON_ROOT_GROUP=$NON_ROOT_GID # Used where we want name lookups to occur
chroot: with --userspec clear root's supplemental groups It's dangerous and confusing to leave root's supplemental groups in place when specifying other users with --userspec. In the edge case that that is desired one can explicitly specify --groups. Also we implicitly set the system defined supplemental groups for a user. The existing mechanism where supplemental groups needed to be explicitly specified is confusing and not general when the lookup needs to be done within the chroot. Also we extend the --groups syntax slightly to allow clearing the set of supplementary groups using --groups=''. * src/chroot.c (setgroups): On systems without supplemental groups, clearing then is a noop and so should return success. (main): Lookup the primary GID with getpwuid() when just a numeric uid is specified, and also infer the USERNAME from this call, needed when we're later looking up the supplemental groups for a user. Support clearing supplemental groups, either implicitly for unknown users, or explicitly when --groups='' is specified. * tests/misc/chroot-credentials.sh: Various new test cases * doc/coreutils.texi (chroot invocation): Adjust for the new behavior. * NEWS: Mention the change in behavior.
2014-05-16 09:50:24 +01:00
# "uid:" is supported (unlike chown etc.) since we treat it like "uid"
chroot --userspec=$NON_ROOT_UID: / true || fail=1
# verify that invalid groups are diagnosed
for g in ' ' ',' '0trail'; do
tests: add extra protection against unexpected exits Many tests use `program ... && fail=1` to ensure expected error situations are indicated. However that would mask an unexpected exit (like a crash). Therefore explicitly check the expected exit code. Note where error messages are also verified, the extra protection is not added. * tests/init.sh (returns_): A new helper function to check the return code of a command, and used throughout the tests. * cfg.mk (sc_prohibit_and_fail_1): Add a syntax check to avoid new instances of this issue.
2015-01-13 03:30:33 +00:00
returns_ $EXIT_CANCELED chroot --groups="$g" / id -G >invalid || fail=1
compare /dev/null invalid || fail=1
chroot: with --userspec clear root's supplemental groups It's dangerous and confusing to leave root's supplemental groups in place when specifying other users with --userspec. In the edge case that that is desired one can explicitly specify --groups. Also we implicitly set the system defined supplemental groups for a user. The existing mechanism where supplemental groups needed to be explicitly specified is confusing and not general when the lookup needs to be done within the chroot. Also we extend the --groups syntax slightly to allow clearing the set of supplementary groups using --groups=''. * src/chroot.c (setgroups): On systems without supplemental groups, clearing then is a noop and so should return success. (main): Lookup the primary GID with getpwuid() when just a numeric uid is specified, and also infer the USERNAME from this call, needed when we're later looking up the supplemental groups for a user. Support clearing supplemental groups, either implicitly for unknown users, or explicitly when --groups='' is specified. * tests/misc/chroot-credentials.sh: Various new test cases * doc/coreutils.texi (chroot invocation): Adjust for the new behavior. * NEWS: Mention the change in behavior.
2014-05-16 09:50:24 +01:00
done
chroot: accept new options --userspec=U:G and --groups=G1,G2,G3 * NEWS: Note chroot's new options. * doc/coreutils.texi: Document them. * src/chroot.c (main): Add support for --userspec and --groups. * tests/Makefile.am (root-tests): Add chroot/credentials. * tests/chroot/credentials: New file. * tests/test-lib.sh: Define NON_ROOT_GROUP to a default value.
2009-05-01 23:50:11 +02:00
# Verify that root credentials are kept.
tests: parameterize the "root" username * tests/misc/chroot-credentials.sh: Don't assume uid 0 has the "root" name, nor any name for that matter.
2013-09-22 03:59:58 +01:00
test $(chroot / whoami) = "$root" || fail=1
chroot: accept new options --userspec=U:G and --groups=G1,G2,G3 * NEWS: Note chroot's new options. * doc/coreutils.texi: Document them. * src/chroot.c (main): Add support for --userspec and --groups. * tests/Makefile.am (root-tests): Add chroot/credentials. * tests/chroot/credentials: New file. * tests/test-lib.sh: Define NON_ROOT_GROUP to a default value.
2009-05-01 23:50:11 +02:00
test "$(groups)" = "$(chroot / groups)" || fail=1
# Verify that credentials are changed correctly.
coreutils: keep lines within 80-column limits * cfg.mk (LINE_LEN_MAX, FILTER_LONG_LINES): New macros. (sc_long_lines): New rule. * HACKING: Use shorter URLs to the same material. * doc/Makefile.am, doc/coreutils.texi, m4/boottime.m4: * man/help2man, man/stdbuf.x, src/Makefile.am, src/cat.c, src/copy.c: * src/cp.c, src/dd.c, src/df.c, src/du.c, src/groups.c, src/install.c: * src/ls.c, src/md5sum.c, src/mv.c, src/od.c, src/pinky.c, src/ptx.c: * src/readlink.c, src/remove.c, src/rmdir.c, src/setuidgid.c: * src/sort.c, src/tail.c, src/touch.c, tests/Coreutils.pm: * tests/cp/existing-perm-race, tests/cp/perm, tests/cp/preserve-gid: * tests/du/2g, tests/du/long-from-unreadable, tests/init.sh: * tests/install/basic-1, tests/ls/nameless-uid: * tests/ls/readdir-mountpoint-inode, tests/misc/chroot-credentials: * tests/misc/cut, tests/misc/date, tests/misc/join, tests/misc/md5sum: * tests/misc/sha1sum, tests/misc/sha224sum, tests/misc/sort: * tests/misc/sort-continue, tests/misc/sort-files0-from: * tests/misc/sort-rand, tests/misc/stdbuf, tests/misc/tr: * tests/misc/uniq, tests/mv/atomic, tests/mv/part-fail: * tests/mv/part-symlink, tests/mv/sticky-to-xpart, tests/pr/pr-tests: * tests/rm/fail-2eperm, tests/rm/interactive-always: Reformat to fit within 80 columns. * doc/Makefile.am (BAD_POSIX_PERL): New macro. * doc/coreutils.texi: Reword slightly, to make menus and index lines shorter. * src/md5sum.c: Redo --help output so that it fits within 79 columns, since that's a bit more portable and all the other --help strings fit in 79 columns.
2010-12-28 12:28:48 -08:00
whoami_after_chroot=$(
chroot --userspec=$NON_ROOT_USERNAME:$NON_ROOT_GROUP / whoami
)
tests: parameterize the "root" username * tests/misc/chroot-credentials.sh: Don't assume uid 0 has the "root" name, nor any name for that matter.
2013-09-22 03:59:58 +01:00
test "$whoami_after_chroot" != "$root" || fail=1
chroot: accept new options --userspec=U:G and --groups=G1,G2,G3 * NEWS: Note chroot's new options. * doc/coreutils.texi: Document them. * src/chroot.c (main): Add support for --userspec and --groups. * tests/Makefile.am (root-tests): Add chroot/credentials. * tests/chroot/credentials: New file. * tests/test-lib.sh: Define NON_ROOT_GROUP to a default value.
2009-05-01 23:50:11 +02:00
chroot: with --userspec clear root's supplemental groups It's dangerous and confusing to leave root's supplemental groups in place when specifying other users with --userspec. In the edge case that that is desired one can explicitly specify --groups. Also we implicitly set the system defined supplemental groups for a user. The existing mechanism where supplemental groups needed to be explicitly specified is confusing and not general when the lookup needs to be done within the chroot. Also we extend the --groups syntax slightly to allow clearing the set of supplementary groups using --groups=''. * src/chroot.c (setgroups): On systems without supplemental groups, clearing then is a noop and so should return success. (main): Lookup the primary GID with getpwuid() when just a numeric uid is specified, and also infer the USERNAME from this call, needed when we're later looking up the supplemental groups for a user. Support clearing supplemental groups, either implicitly for unknown users, or explicitly when --groups='' is specified. * tests/misc/chroot-credentials.sh: Various new test cases * doc/coreutils.texi (chroot invocation): Adjust for the new behavior. * NEWS: Mention the change in behavior.
2014-05-16 09:50:24 +01:00
# Verify that when specifying only a group we don't change the
# list of supplemental groups
test "$(chroot --userspec=:$NON_ROOT_GROUP / id -G)" = \
"$NON_ROOT_GID $(id -G)" || fail=1
if ! test "$HAVE_SETGROUPS"; then
Exit $fail
chroot: improve --userspec and --groups look-up - Support arbitrary numbers in --groups, consistent with what is already done for --userspec - Avoid look-ups entirely for --groups items with a leading '+' - Support names that are actually numbers in --groups - Ignore an empty --groups="" option for consistency with --userspec - Look up both inside and outside the chroot with inside taking precedence. The look-up outside may load required libraries to complete the look-up inside the chroot. This can happen for example with a 32 bit chroot on a 64 bit system, where the 32 bit NSS plugins within the chroot fail to load. * src/chroot.c (parse_additional_groups): A new function refactored from set_addition_groups(), to just do the parsing. The actual setgroups() call is separated out for calling from the chroot later. (main): Call parse_user_spec() and parse_additional_groups() both outside and inside the chroot for the reasons outlined above. * tests/misc/chroot-credentials.sh: Ensure arbitrary numeric IDs can be specified without causing look-up errors. * NEWS: Mention the improvements. * THANKS.in: Add Norihiro Kamae who initially reported the issue with a proposed patch. Also thanks to Dmitry V. Levin for his diagnosis and sample patch.
2014-03-03 01:54:36 +00:00
fi
chroot: accept new options --userspec=U:G and --groups=G1,G2,G3 * NEWS: Note chroot's new options. * doc/coreutils.texi: Document them. * src/chroot.c (main): Add support for --userspec and --groups. * tests/Makefile.am (root-tests): Add chroot/credentials. * tests/chroot/credentials: New file. * tests/test-lib.sh: Define NON_ROOT_GROUP to a default value.
2009-05-01 23:50:11 +02:00
test: avoid FP in chroot-credentials.sh for different group list order On my openSUSE:Tumbleweed system, I get a false positive test failure in the above 'check-root' test because the group lists inside and outside the chroot have a different order: ++ chroot --userspec=berny / id -G ++ id -G berny + test '100 454 457 480 492' = '100 480 492 457 454' + fail=1 * tests/misc/chroot-credentials.sh (num_sort): Add function to sort group lists, and use it in the test cases which test multiple groups.
2018-10-20 02:00:11 +02:00
# Change all whitespaces to newlines, then sort the input.
# Use for tests with more groups in 'id' output.
num_sort() { tr -s ' ' '\n' | sort -n; }
chroot: with --userspec clear root's supplemental groups It's dangerous and confusing to leave root's supplemental groups in place when specifying other users with --userspec. In the edge case that that is desired one can explicitly specify --groups. Also we implicitly set the system defined supplemental groups for a user. The existing mechanism where supplemental groups needed to be explicitly specified is confusing and not general when the lookup needs to be done within the chroot. Also we extend the --groups syntax slightly to allow clearing the set of supplementary groups using --groups=''. * src/chroot.c (setgroups): On systems without supplemental groups, clearing then is a noop and so should return success. (main): Lookup the primary GID with getpwuid() when just a numeric uid is specified, and also infer the USERNAME from this call, needed when we're later looking up the supplemental groups for a user. Support clearing supplemental groups, either implicitly for unknown users, or explicitly when --groups='' is specified. * tests/misc/chroot-credentials.sh: Various new test cases * doc/coreutils.texi (chroot invocation): Adjust for the new behavior. * NEWS: Mention the change in behavior.
2014-05-16 09:50:24 +01:00
# Verify that there are no additional groups.
id_G_after_chroot=$(
chroot --userspec=$NON_ROOT_USERNAME:$NON_ROOT_GROUP \
--groups=$NON_ROOT_GROUP / id -G
)
tests: use predetermined NON_ROOT_GID * HACKING: GID is more useful in tests than group name, so rename input param from NON_ROOT_GROUP to NON_ROOT_GID to make it obvious that only a group ID is now acceptable, thus allowing GID lookups to be avoided throughout the tests. * init.cfg (require_root_): Likewise. * tests/misc/truncate-owned-by-other.sh: Avoid looking up the GID. * tests/touch/now-owned-by-other.sh: Likewise. * tests/misc/chroot-credentials.sh: Likewise. Also fix an instance of comparison against NON_ROOT_GROUP which would have given a false failure if a non numeric value was passed in. * tests/id/setgid.sh: Use previously looked up gid as a more accurate base for the subsequent adjustment, and move the uid lookup within chroot, rather than having the overhead of a separate `id` invocation.
2014-06-26 12:41:01 +01:00
test "$id_G_after_chroot" = $NON_ROOT_GID || fail=1
chroot: with --userspec clear root's supplemental groups It's dangerous and confusing to leave root's supplemental groups in place when specifying other users with --userspec. In the edge case that that is desired one can explicitly specify --groups. Also we implicitly set the system defined supplemental groups for a user. The existing mechanism where supplemental groups needed to be explicitly specified is confusing and not general when the lookup needs to be done within the chroot. Also we extend the --groups syntax slightly to allow clearing the set of supplementary groups using --groups=''. * src/chroot.c (setgroups): On systems without supplemental groups, clearing then is a noop and so should return success. (main): Lookup the primary GID with getpwuid() when just a numeric uid is specified, and also infer the USERNAME from this call, needed when we're later looking up the supplemental groups for a user. Support clearing supplemental groups, either implicitly for unknown users, or explicitly when --groups='' is specified. * tests/misc/chroot-credentials.sh: Various new test cases * doc/coreutils.texi (chroot invocation): Adjust for the new behavior. * NEWS: Mention the change in behavior.
2014-05-16 09:50:24 +01:00
# Verify that when specifying only the user name we get all their groups
test: avoid FP in chroot-credentials.sh for different group list order On my openSUSE:Tumbleweed system, I get a false positive test failure in the above 'check-root' test because the group lists inside and outside the chroot have a different order: ++ chroot --userspec=berny / id -G ++ id -G berny + test '100 454 457 480 492' = '100 480 492 457 454' + fail=1 * tests/misc/chroot-credentials.sh (num_sort): Add function to sort group lists, and use it in the test cases which test multiple groups.
2018-10-20 02:00:11 +02:00
test "$(chroot --userspec=$NON_ROOT_USERNAME / id -G | num_sort)" = \
"$(id -G $NON_ROOT_USERNAME | num_sort)" || fail=1
chroot: with --userspec clear root's supplemental groups It's dangerous and confusing to leave root's supplemental groups in place when specifying other users with --userspec. In the edge case that that is desired one can explicitly specify --groups. Also we implicitly set the system defined supplemental groups for a user. The existing mechanism where supplemental groups needed to be explicitly specified is confusing and not general when the lookup needs to be done within the chroot. Also we extend the --groups syntax slightly to allow clearing the set of supplementary groups using --groups=''. * src/chroot.c (setgroups): On systems without supplemental groups, clearing then is a noop and so should return success. (main): Lookup the primary GID with getpwuid() when just a numeric uid is specified, and also infer the USERNAME from this call, needed when we're later looking up the supplemental groups for a user. Support clearing supplemental groups, either implicitly for unknown users, or explicitly when --groups='' is specified. * tests/misc/chroot-credentials.sh: Various new test cases * doc/coreutils.texi (chroot invocation): Adjust for the new behavior. * NEWS: Mention the change in behavior.
2014-05-16 09:50:24 +01:00
# Ditto with trailing : on the user name.
test: avoid FP in chroot-credentials.sh for different group list order On my openSUSE:Tumbleweed system, I get a false positive test failure in the above 'check-root' test because the group lists inside and outside the chroot have a different order: ++ chroot --userspec=berny / id -G ++ id -G berny + test '100 454 457 480 492' = '100 480 492 457 454' + fail=1 * tests/misc/chroot-credentials.sh (num_sort): Add function to sort group lists, and use it in the test cases which test multiple groups.
2018-10-20 02:00:11 +02:00
test "$(chroot --userspec=$NON_ROOT_USERNAME: / id -G | num_sort)" = \
"$(id -G $NON_ROOT_USERNAME | num_sort)" || fail=1
chroot: with --userspec clear root's supplemental groups It's dangerous and confusing to leave root's supplemental groups in place when specifying other users with --userspec. In the edge case that that is desired one can explicitly specify --groups. Also we implicitly set the system defined supplemental groups for a user. The existing mechanism where supplemental groups needed to be explicitly specified is confusing and not general when the lookup needs to be done within the chroot. Also we extend the --groups syntax slightly to allow clearing the set of supplementary groups using --groups=''. * src/chroot.c (setgroups): On systems without supplemental groups, clearing then is a noop and so should return success. (main): Lookup the primary GID with getpwuid() when just a numeric uid is specified, and also infer the USERNAME from this call, needed when we're later looking up the supplemental groups for a user. Support clearing supplemental groups, either implicitly for unknown users, or explicitly when --groups='' is specified. * tests/misc/chroot-credentials.sh: Various new test cases * doc/coreutils.texi (chroot invocation): Adjust for the new behavior. * NEWS: Mention the change in behavior.
2014-05-16 09:50:24 +01:00
# Verify that when specifying only the user and clearing supplemental groups
# that we only get the primary group
test "$(chroot --userspec=$NON_ROOT_USERNAME --groups='' / id -G)" = \
tests: use predetermined NON_ROOT_GID * HACKING: GID is more useful in tests than group name, so rename input param from NON_ROOT_GROUP to NON_ROOT_GID to make it obvious that only a group ID is now acceptable, thus allowing GID lookups to be avoided throughout the tests. * init.cfg (require_root_): Likewise. * tests/misc/truncate-owned-by-other.sh: Avoid looking up the GID. * tests/touch/now-owned-by-other.sh: Likewise. * tests/misc/chroot-credentials.sh: Likewise. Also fix an instance of comparison against NON_ROOT_GROUP which would have given a false failure if a non numeric value was passed in. * tests/id/setgid.sh: Use previously looked up gid as a more accurate base for the subsequent adjustment, and move the uid lookup within chroot, rather than having the overhead of a separate `id` invocation.
2014-06-26 12:41:01 +01:00
$NON_ROOT_GID || fail=1
chroot: with --userspec clear root's supplemental groups It's dangerous and confusing to leave root's supplemental groups in place when specifying other users with --userspec. In the edge case that that is desired one can explicitly specify --groups. Also we implicitly set the system defined supplemental groups for a user. The existing mechanism where supplemental groups needed to be explicitly specified is confusing and not general when the lookup needs to be done within the chroot. Also we extend the --groups syntax slightly to allow clearing the set of supplementary groups using --groups=''. * src/chroot.c (setgroups): On systems without supplemental groups, clearing then is a noop and so should return success. (main): Lookup the primary GID with getpwuid() when just a numeric uid is specified, and also infer the USERNAME from this call, needed when we're later looking up the supplemental groups for a user. Support clearing supplemental groups, either implicitly for unknown users, or explicitly when --groups='' is specified. * tests/misc/chroot-credentials.sh: Various new test cases * doc/coreutils.texi (chroot invocation): Adjust for the new behavior. * NEWS: Mention the change in behavior.
2014-05-16 09:50:24 +01:00
# Verify that when specifying only the UID we get all their groups
test: avoid FP in chroot-credentials.sh for different group list order On my openSUSE:Tumbleweed system, I get a false positive test failure in the above 'check-root' test because the group lists inside and outside the chroot have a different order: ++ chroot --userspec=berny / id -G ++ id -G berny + test '100 454 457 480 492' = '100 480 492 457 454' + fail=1 * tests/misc/chroot-credentials.sh (num_sort): Add function to sort group lists, and use it in the test cases which test multiple groups.
2018-10-20 02:00:11 +02:00
test "$(chroot --userspec=$NON_ROOT_UID / id -G | num_sort)" = \
"$(id -G $NON_ROOT_USERNAME | num_sort)" || fail=1
chroot: with --userspec clear root's supplemental groups It's dangerous and confusing to leave root's supplemental groups in place when specifying other users with --userspec. In the edge case that that is desired one can explicitly specify --groups. Also we implicitly set the system defined supplemental groups for a user. The existing mechanism where supplemental groups needed to be explicitly specified is confusing and not general when the lookup needs to be done within the chroot. Also we extend the --groups syntax slightly to allow clearing the set of supplementary groups using --groups=''. * src/chroot.c (setgroups): On systems without supplemental groups, clearing then is a noop and so should return success. (main): Lookup the primary GID with getpwuid() when just a numeric uid is specified, and also infer the USERNAME from this call, needed when we're later looking up the supplemental groups for a user. Support clearing supplemental groups, either implicitly for unknown users, or explicitly when --groups='' is specified. * tests/misc/chroot-credentials.sh: Various new test cases * doc/coreutils.texi (chroot invocation): Adjust for the new behavior. * NEWS: Mention the change in behavior.
2014-05-16 09:50:24 +01:00
# Verify that when specifying only the user and clearing supplemental groups
# that we only get the primary group. Note this variant with prepended '+'
# results in no lookups in the name database which could be useful depending
# on your chroot setup.
test "$(chroot --userspec=+$NON_ROOT_UID:+$NON_ROOT_GID --groups='' / id -G)" =\
tests: use predetermined NON_ROOT_GID * HACKING: GID is more useful in tests than group name, so rename input param from NON_ROOT_GROUP to NON_ROOT_GID to make it obvious that only a group ID is now acceptable, thus allowing GID lookups to be avoided throughout the tests. * init.cfg (require_root_): Likewise. * tests/misc/truncate-owned-by-other.sh: Avoid looking up the GID. * tests/touch/now-owned-by-other.sh: Likewise. * tests/misc/chroot-credentials.sh: Likewise. Also fix an instance of comparison against NON_ROOT_GROUP which would have given a false failure if a non numeric value was passed in. * tests/id/setgid.sh: Use previously looked up gid as a more accurate base for the subsequent adjustment, and move the uid lookup within chroot, rather than having the overhead of a separate `id` invocation.
2014-06-26 12:41:01 +01:00
$NON_ROOT_GID || fail=1
chroot: don't set bogus user-ID or group-ID for --u=U: or --u=:G * src/chroot.c (main): Initialize both "uid" and "gid". To -1. This also allows one to set the user-ID or primary group-ID to 0, in case it's not that already. * tests/chroot/credentials: Test for the above.
2009-05-27 23:06:15 +02:00
# Verify that when specifying only a group we get the current user ID
test "$(chroot --userspec=:$NON_ROOT_GROUP / id -u)" = "$(id -u)" \
chroot: improve --userspec and --groups look-up - Support arbitrary numbers in --groups, consistent with what is already done for --userspec - Avoid look-ups entirely for --groups items with a leading '+' - Support names that are actually numbers in --groups - Ignore an empty --groups="" option for consistency with --userspec - Look up both inside and outside the chroot with inside taking precedence. The look-up outside may load required libraries to complete the look-up inside the chroot. This can happen for example with a 32 bit chroot on a 64 bit system, where the 32 bit NSS plugins within the chroot fail to load. * src/chroot.c (parse_additional_groups): A new function refactored from set_addition_groups(), to just do the parsing. The actual setgroups() call is separated out for calling from the chroot later. (main): Call parse_user_spec() and parse_additional_groups() both outside and inside the chroot for the reasons outlined above. * tests/misc/chroot-credentials.sh: Ensure arbitrary numeric IDs can be specified without causing look-up errors. * NEWS: Mention the improvements. * THANKS.in: Add Norihiro Kamae who initially reported the issue with a proposed patch. Also thanks to Dmitry V. Levin for his diagnosis and sample patch.
2014-03-03 01:54:36 +00:00
|| fail=1
chroot: with --userspec clear root's supplemental groups It's dangerous and confusing to leave root's supplemental groups in place when specifying other users with --userspec. In the edge case that that is desired one can explicitly specify --groups. Also we implicitly set the system defined supplemental groups for a user. The existing mechanism where supplemental groups needed to be explicitly specified is confusing and not general when the lookup needs to be done within the chroot. Also we extend the --groups syntax slightly to allow clearing the set of supplementary groups using --groups=''. * src/chroot.c (setgroups): On systems without supplemental groups, clearing then is a noop and so should return success. (main): Lookup the primary GID with getpwuid() when just a numeric uid is specified, and also infer the USERNAME from this call, needed when we're later looking up the supplemental groups for a user. Support clearing supplemental groups, either implicitly for unknown users, or explicitly when --groups='' is specified. * tests/misc/chroot-credentials.sh: Various new test cases * doc/coreutils.texi (chroot invocation): Adjust for the new behavior. * NEWS: Mention the change in behavior.
2014-05-16 09:50:24 +01:00
# verify that arbitrary numeric IDs are supported
test "$(chroot --userspec=1234:+5678 --groups=' +8765,4321' / id -G)" \
|| fail=1
chroot: improve --userspec and --groups look-up - Support arbitrary numbers in --groups, consistent with what is already done for --userspec - Avoid look-ups entirely for --groups items with a leading '+' - Support names that are actually numbers in --groups - Ignore an empty --groups="" option for consistency with --userspec - Look up both inside and outside the chroot with inside taking precedence. The look-up outside may load required libraries to complete the look-up inside the chroot. This can happen for example with a 32 bit chroot on a 64 bit system, where the 32 bit NSS plugins within the chroot fail to load. * src/chroot.c (parse_additional_groups): A new function refactored from set_addition_groups(), to just do the parsing. The actual setgroups() call is separated out for calling from the chroot later. (main): Call parse_user_spec() and parse_additional_groups() both outside and inside the chroot for the reasons outlined above. * tests/misc/chroot-credentials.sh: Ensure arbitrary numeric IDs can be specified without causing look-up errors. * NEWS: Mention the improvements. * THANKS.in: Add Norihiro Kamae who initially reported the issue with a proposed patch. Also thanks to Dmitry V. Levin for his diagnosis and sample patch.
2014-03-03 01:54:36 +00:00
chroot: with --userspec clear root's supplemental groups It's dangerous and confusing to leave root's supplemental groups in place when specifying other users with --userspec. In the edge case that that is desired one can explicitly specify --groups. Also we implicitly set the system defined supplemental groups for a user. The existing mechanism where supplemental groups needed to be explicitly specified is confusing and not general when the lookup needs to be done within the chroot. Also we extend the --groups syntax slightly to allow clearing the set of supplementary groups using --groups=''. * src/chroot.c (setgroups): On systems without supplemental groups, clearing then is a noop and so should return success. (main): Lookup the primary GID with getpwuid() when just a numeric uid is specified, and also infer the USERNAME from this call, needed when we're later looking up the supplemental groups for a user. Support clearing supplemental groups, either implicitly for unknown users, or explicitly when --groups='' is specified. * tests/misc/chroot-credentials.sh: Various new test cases * doc/coreutils.texi (chroot invocation): Adjust for the new behavior. * NEWS: Mention the change in behavior.
2014-05-16 09:50:24 +01:00
# demonstrate that extraneous commas are supported
test "$(chroot --userspec=1234:+5678 --groups=',8765,,4321,' / id -G)" \
|| fail=1
# demonstrate that --groups is not cumulative
test "$(chroot --groups='invalid ignored' --groups='' / id -G)" \
|| fail=1
chroot: improve --userspec and --groups look-up - Support arbitrary numbers in --groups, consistent with what is already done for --userspec - Avoid look-ups entirely for --groups items with a leading '+' - Support names that are actually numbers in --groups - Ignore an empty --groups="" option for consistency with --userspec - Look up both inside and outside the chroot with inside taking precedence. The look-up outside may load required libraries to complete the look-up inside the chroot. This can happen for example with a 32 bit chroot on a 64 bit system, where the 32 bit NSS plugins within the chroot fail to load. * src/chroot.c (parse_additional_groups): A new function refactored from set_addition_groups(), to just do the parsing. The actual setgroups() call is separated out for calling from the chroot later. (main): Call parse_user_spec() and parse_additional_groups() both outside and inside the chroot for the reasons outlined above. * tests/misc/chroot-credentials.sh: Ensure arbitrary numeric IDs can be specified without causing look-up errors. * NEWS: Mention the improvements. * THANKS.in: Add Norihiro Kamae who initially reported the issue with a proposed patch. Also thanks to Dmitry V. Levin for his diagnosis and sample patch.
2014-03-03 01:54:36 +00:00
chroot: with --userspec clear root's supplemental groups It's dangerous and confusing to leave root's supplemental groups in place when specifying other users with --userspec. In the edge case that that is desired one can explicitly specify --groups. Also we implicitly set the system defined supplemental groups for a user. The existing mechanism where supplemental groups needed to be explicitly specified is confusing and not general when the lookup needs to be done within the chroot. Also we extend the --groups syntax slightly to allow clearing the set of supplementary groups using --groups=''. * src/chroot.c (setgroups): On systems without supplemental groups, clearing then is a noop and so should return success. (main): Lookup the primary GID with getpwuid() when just a numeric uid is specified, and also infer the USERNAME from this call, needed when we're later looking up the supplemental groups for a user. Support clearing supplemental groups, either implicitly for unknown users, or explicitly when --groups='' is specified. * tests/misc/chroot-credentials.sh: Various new test cases * doc/coreutils.texi (chroot invocation): Adjust for the new behavior. * NEWS: Mention the change in behavior.
2014-05-16 09:50:24 +01:00
if ! id -u +12342; then
# Ensure supplemental groups cleared from some arbitrary unknown ID
test "$(chroot --userspec=+12342:+5678 / id -G)" = '5678' || fail=1
chroot: improve --userspec and --groups look-up - Support arbitrary numbers in --groups, consistent with what is already done for --userspec - Avoid look-ups entirely for --groups items with a leading '+' - Support names that are actually numbers in --groups - Ignore an empty --groups="" option for consistency with --userspec - Look up both inside and outside the chroot with inside taking precedence. The look-up outside may load required libraries to complete the look-up inside the chroot. This can happen for example with a 32 bit chroot on a 64 bit system, where the 32 bit NSS plugins within the chroot fail to load. * src/chroot.c (parse_additional_groups): A new function refactored from set_addition_groups(), to just do the parsing. The actual setgroups() call is separated out for calling from the chroot later. (main): Call parse_user_spec() and parse_additional_groups() both outside and inside the chroot for the reasons outlined above. * tests/misc/chroot-credentials.sh: Ensure arbitrary numeric IDs can be specified without causing look-up errors. * NEWS: Mention the improvements. * THANKS.in: Add Norihiro Kamae who initially reported the issue with a proposed patch. Also thanks to Dmitry V. Levin for his diagnosis and sample patch.
2014-03-03 01:54:36 +00:00
chroot: with --userspec clear root's supplemental groups It's dangerous and confusing to leave root's supplemental groups in place when specifying other users with --userspec. In the edge case that that is desired one can explicitly specify --groups. Also we implicitly set the system defined supplemental groups for a user. The existing mechanism where supplemental groups needed to be explicitly specified is confusing and not general when the lookup needs to be done within the chroot. Also we extend the --groups syntax slightly to allow clearing the set of supplementary groups using --groups=''. * src/chroot.c (setgroups): On systems without supplemental groups, clearing then is a noop and so should return success. (main): Lookup the primary GID with getpwuid() when just a numeric uid is specified, and also infer the USERNAME from this call, needed when we're later looking up the supplemental groups for a user. Support clearing supplemental groups, either implicitly for unknown users, or explicitly when --groups='' is specified. * tests/misc/chroot-credentials.sh: Various new test cases * doc/coreutils.texi (chroot invocation): Adjust for the new behavior. * NEWS: Mention the change in behavior.
2014-05-16 09:50:24 +01:00
# Ensure we fail when we don't know what groups to set for an unknown ID
tests: add extra protection against unexpected exits Many tests use `program ... && fail=1` to ensure expected error situations are indicated. However that would mask an unexpected exit (like a crash). Therefore explicitly check the expected exit code. Note where error messages are also verified, the extra protection is not added. * tests/init.sh (returns_): A new helper function to check the return code of a command, and used throughout the tests. * cfg.mk (sc_prohibit_and_fail_1): Add a syntax check to avoid new instances of this issue.
2015-01-13 03:30:33 +00:00
returns_ $EXIT_CANCELED chroot --userspec=+12342 / true || fail=1
chroot: improve --userspec and --groups look-up - Support arbitrary numbers in --groups, consistent with what is already done for --userspec - Avoid look-ups entirely for --groups items with a leading '+' - Support names that are actually numbers in --groups - Ignore an empty --groups="" option for consistency with --userspec - Look up both inside and outside the chroot with inside taking precedence. The look-up outside may load required libraries to complete the look-up inside the chroot. This can happen for example with a 32 bit chroot on a 64 bit system, where the 32 bit NSS plugins within the chroot fail to load. * src/chroot.c (parse_additional_groups): A new function refactored from set_addition_groups(), to just do the parsing. The actual setgroups() call is separated out for calling from the chroot later. (main): Call parse_user_spec() and parse_additional_groups() both outside and inside the chroot for the reasons outlined above. * tests/misc/chroot-credentials.sh: Ensure arbitrary numeric IDs can be specified without causing look-up errors. * NEWS: Mention the improvements. * THANKS.in: Add Norihiro Kamae who initially reported the issue with a proposed patch. Also thanks to Dmitry V. Levin for his diagnosis and sample patch.
2014-03-03 01:54:36 +00:00
fi
chroot: don't set bogus user-ID or group-ID for --u=U: or --u=:G * src/chroot.c (main): Initialize both "uid" and "gid". To -1. This also allows one to set the user-ID or primary group-ID to 0, in case it's not that already. * tests/chroot/credentials: Test for the above.
2009-05-27 23:06:15 +02:00
chroot: accept new options --userspec=U:G and --groups=G1,G2,G3 * NEWS: Note chroot's new options. * doc/coreutils.texi: Document them. * src/chroot.c (main): Add support for --userspec and --groups. * tests/Makefile.am (root-tests): Add chroot/credentials. * tests/chroot/credentials: New file. * tests/test-lib.sh: Define NON_ROOT_GROUP to a default value.
2009-05-01 23:50:11 +02:00
Exit $fail
Reference in New Issue Copy Permalink