2018-03-04 10:09:32 -05:00
|
|
|
require_relative '../../spec_helper'
|
2017-05-07 08:04:49 -04:00
|
|
|
|
|
|
|
describe "Process.groups" do
|
|
|
|
platform_is_not :windows do
|
|
|
|
it "gets an Array of the gids of groups in the supplemental group access list" do
|
|
|
|
groups = `id -G`.scan(/\d+/).map { |i| i.to_i }
|
2020-01-09 01:57:10 -05:00
|
|
|
# Include the standard `id` command output. On macOS, GNU
|
|
|
|
# coreutils `id` is limited to NGROUPS_MAX groups, because of
|
|
|
|
# the backward compatibility of getgroups(2).
|
|
|
|
(groups |= `/usr/bin/id -G`.scan(/\d+/).map { |i| i.to_i }) rescue nil
|
2017-05-07 08:04:49 -04:00
|
|
|
gid = Process.gid
|
|
|
|
|
2018-08-10 01:18:03 -04:00
|
|
|
expected = (groups.sort - [gid]).uniq.sort
|
|
|
|
actual = (Process.groups - [gid]).uniq.sort
|
2017-05-07 08:04:49 -04:00
|
|
|
actual.should == expected
|
|
|
|
end
|
2017-12-01 10:41:50 -05:00
|
|
|
end
|
|
|
|
end
|
2017-05-07 08:04:49 -04:00
|
|
|
|
2017-12-01 10:41:50 -05:00
|
|
|
describe "Process.groups=" do
|
2019-09-09 07:24:03 -04:00
|
|
|
platform_is_not :windows, :android do
|
2017-12-01 10:41:50 -05:00
|
|
|
as_superuser do
|
|
|
|
it "sets the list of gids of groups in the supplemental group access list" do
|
|
|
|
groups = Process.groups
|
2017-05-07 08:04:49 -04:00
|
|
|
Process.groups = []
|
|
|
|
Process.groups.should == []
|
|
|
|
Process.groups = groups
|
|
|
|
Process.groups.sort.should == groups.sort
|
2017-12-01 10:41:50 -05:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
as_user do
|
|
|
|
platform_is :aix do
|
|
|
|
it "sets the list of gids of groups in the supplemental group access list" do
|
2017-05-07 08:04:49 -04:00
|
|
|
# setgroups() is not part of the POSIX standard,
|
|
|
|
# so its behavior varies from OS to OS. AIX allows a non-root
|
|
|
|
# process to set the supplementary group IDs, as long as
|
|
|
|
# they are presently in its supplementary group IDs.
|
|
|
|
# The order of the following tests matters.
|
|
|
|
# After this process executes "Process.groups = []"
|
|
|
|
# it should no longer be able to set any supplementary
|
|
|
|
# group IDs, even if it originally belonged to them.
|
|
|
|
# It should only be able to set its primary group ID.
|
2017-12-01 10:41:50 -05:00
|
|
|
groups = Process.groups
|
2017-05-07 08:04:49 -04:00
|
|
|
Process.groups = groups
|
|
|
|
Process.groups.sort.should == groups.sort
|
|
|
|
Process.groups = []
|
|
|
|
Process.groups.should == []
|
|
|
|
Process.groups = [ Process.gid ]
|
|
|
|
Process.groups.should == [ Process.gid ]
|
|
|
|
supplementary = groups - [ Process.gid ]
|
|
|
|
if supplementary.length > 0
|
2019-07-27 06:40:09 -04:00
|
|
|
-> { Process.groups = supplementary }.should raise_error(Errno::EPERM)
|
2017-05-07 08:04:49 -04:00
|
|
|
end
|
|
|
|
end
|
2017-12-01 10:41:50 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
platform_is_not :aix do
|
|
|
|
it "raises Errno::EPERM" do
|
2019-07-27 06:40:09 -04:00
|
|
|
-> {
|
2018-02-23 03:32:33 -05:00
|
|
|
Process.groups = [0]
|
2017-12-01 10:41:50 -05:00
|
|
|
}.should raise_error(Errno::EPERM)
|
2017-05-07 08:04:49 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|