id: output the effective group for the process

* src/id.c (print_full_info): When no user is specified,
output the effective group for the _process_, rather than
the default group from the system database, which may be different.
* tests/id/setgid.sh: Add a case for `id` as well as `id -G`.
* NEWS: Mention the bug fix.
Fixes http://bugs.gnu.org/7320
Reported at http://bugzilla.redhat.com/1016163

diff --git a/NEWS b/NEWS
index 653278528de7b2431fd5e707d73afc10be9c11b0..e5ea77c51d20ef1e7015134f62446bfacc2efd1b 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -67,6 +67,12 @@ GNU coreutils NEWS                                    -*- outline -*-
   now copies all input to stdout.  Previously nothing was output in this case.
   [bug introduced with the --lines=-N feature in coreutils-5.0.1]
 
+  id, when invoked with no user name argument, now prints the correct group ID.
+  Previously, in the default output format, it would print the default group ID
+  in the password database, which may be neither real nor effective.  For e.g.,
+  when run set-GID, or when the database changes outside the current session.
+  [bug introduced in coreutils-8.1]
+
   ln -sf now replaces symbolic links whose targets can't exist.  Previously
   it would display an error, requiring --no-dereference to avoid the issue.
   [bug introduced in coreutils-5.3.0]

diff --git a/src/id.c b/src/id.c
index 3348f8013edb144b9e1c3838b2ce5895eed7f578..f46bb41b59b5ed52804f46914e509f2f2fbb0ff7 100644 (file)
--- a/src/id.c
+++ b/src/id.c
@@ -399,19 +399,20 @@ print_full_info (const char *username)
     gid_t *groups;
     int i;
 
-    int n_groups = xgetgroups (username, (pwd ? pwd->pw_gid : -1),
-                               &groups);
+    gid_t primary_group;
+    if (username)
+      primary_group = pwd ? pwd->pw_gid : -1;
+    else
+      primary_group = egid;
+
+    int n_groups = xgetgroups (username, primary_group, &groups);
     if (n_groups < 0)
       {
         if (username)
-          {
-            error (0, errno, _("failed to get groups for user %s"),
-                   quote (username));
-          }
+          error (0, errno, _("failed to get groups for user %s"),
+                 quote (username));
         else
-          {
-            error (0, errno, _("failed to get groups for the current process"));
-          }
+          error (0, errno, _("failed to get groups for the current process"));
         ok = false;
         return;
       }

diff --git a/tests/id/setgid.sh b/tests/id/setgid.sh
index aa43ea37fd6a22804483d510162c5c91cb5ded2d..0664c47a2d9f62e135125e85b09d3a473e398838 100755 (executable)
--- a/tests/id/setgid.sh
+++ b/tests/id/setgid.sh
@@ -1,5 +1,5 @@
 #!/bin/sh
-# Verify that id -G prints the right group when run set-GID.
+# Verify that id [-G] prints the right group when run set-GID.
 
 # Copyright (C) 2012-2014 Free Software Foundation, Inc.
 
@@ -20,16 +20,22 @@
 print_ver_ id
 require_root_
 
-g=$(id -u $NON_ROOT_USERNAME) || framework_failure_
+u=$(id -u $NON_ROOT_USERNAME) || framework_failure_
+g=$u
 
 # Construct a different group number.
 gp1=$(expr $g + 1)
 
 echo $gp1 > exp || framework_failure_
 
-chroot --user=$NON_ROOT_USERNAME:$gp1 --groups='' / env PATH="$PATH" \
-  id -G > out || fail=1
-compare exp out || fail=1
 # With coreutils-8.16 and earlier, id -G would print both: $gp1 $g
+chroot --user=+$u:+$gp1 --groups='' / env PATH="$PATH" \
+  id -G > out || fail=1
+compare exp out || { cat out; fail=1; }
+
+# With coreutils-8.22 and earlier, id would erroneously print groups=$g
+chroot --user=+$u:+$gp1 --groups='' / env PATH="$PATH" \
+  id > out || fail=1
+grep -F "groups=$gp1" out || { cat out; fail=1; }
 
 Exit $fail