Using rsh without root rights, initgroups fails with EPERM

[Henry-Joseph Audéoud]

Hi all,

Patch in [1] restore supplementary groups when dropping privileges.  It 
uses `initgroups` for that.  However, when tar is run as a user, it 
cannot call `initgroups` (EPERM).

    $ LANG=C tar xf remote-host:test.tar --rsh-command=/usr/bin/ssh
    tar: initgroups: Operation not permitted
    tar: Error is not recoverable: exiting now
    tar: remote-host\:test.tar: Cannot open: Input/output error
    tar: Error is not recoverable: exiting now

Note that there is no need of using `initgroups` in this situation as 
user is not getting specific privileges.

[1] https://lists.gnu.org/archive/html/bug-tar/2021-02/msg00004.html




Skipping the EPERM error (as for `getgid` and `getuid` below) fix the 
problem (the same command works as expected):

---
 lib/rtapelib.c | 2 +-
 paxlib/rtape.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/rtapelib.c b/lib/rtapelib.c
index d7b8b36..7de6317 100644
--- a/lib/rtapelib.c
+++ b/lib/rtapelib.c
@@ -365,7 +365,7 @@ sys_reset_uid_gid (void)

   if (!pw)
     return "getpwuid";
-  if (initgroups (pw->pw_name, gid) != 0)
+  if (initgroups (pw->pw_name, gid) != 0 && errno != EPERM)
     return "initgroups";
   if (gid != getegid () && setgid (gid) != 0 && errno != EPERM)
     return "setgid";
diff --git a/paxlib/rtape.c b/paxlib/rtape.c
index 1089d92..9565eda 100644
--- a/paxlib/rtape.c
+++ b/paxlib/rtape.c
@@ -370,7 +370,7 @@ sys_reset_uid_gid (void)

   if (!pw)
     return "getpwuid";
-  if (initgroups (pw->pw_name, gid) != 0)
+  if (initgroups (pw->pw_name, gid) != 0 && errno != EPERM)
     return "initgroups";
   if (gid != getegid () && setgid (gid) != 0 && errno != EPERM)
     return "setgid";

--
Henry-Joseph Audéoud

OpenPGP_signature
Description: OpenPGP digital signature