nix::unistd

Function initgroups

source
pub fn initgroups(user: &CStr, group: Gid) -> Result<()>
Expand description

Initialize the supplementary group access list.

Sets the supplementary group IDs for the calling process using all groups that user is a member of. The additional group group is also added to the list.

Further reading

Note: This function is not available for Apple platforms. On those platforms, group membership management should be achieved via communication with the opendirectoryd service.

§Examples

initgroups can be used when dropping privileges from the root user to another user. For example, given the user www-data, we could look up the UID and GID for the user in the system’s password database (usually found in /etc/passwd). If the www-data user’s UID and GID were 33 and 33, respectively, one could switch the user as follows:

let user = CString::new("www-data").unwrap();
let uid = Uid::from_raw(33);
let gid = Gid::from_raw(33);
initgroups(&user, gid)?;
setgid(gid)?;
setuid(uid)?;