program that runs a given command under a given gid

[Bruno Haible]

Hi,

Is there a program that runs a given command with the identity changed
to a given group id? Like 'sudo' does for the uid, but for the gid instead.
Does such a program exist?

I'd suggest that such a program gets added to coreutils.

My use-case is that I have a large program that I want specific users
to be able to execute, but not other users. To this effect, I have created
a group (in /etc/group) and added the users to it.

The program creates and modifies directories in a particular location
(e.g. under /var). Of course, these files should not be world-writable
but group-writable. So that a user U1 can create files that U2 will be
able to operate on, they should be chgrp'ed to the specific group, and
chmod'ed to mode 664.

There are two ways to accomplish this:
  1) Scan the source code and add, after every file creation via
     open() or fopen() or shell redirections etc. a
     "chgrp $g $file && chown g+w $file" action.
  2) Change the group of the process so that new files will be chgrp'ed
     to the specific group automatically, and set the umask to 002.

The first approach is not realizable if the program is large or not free.
Whereas with the second approach there is the problem that setgid()
and setregid() are not allowed to normal users, *even* if they are
members of the target group.

How to reproduce:
  $ id
  uid=1000(bruno) gid=100(users) groups=100(users),33(video)
  $ cat foo.c
  #include <stdio.h>
  #include <unistd.h>
  int main ()
  {
    if (setgid (33) < 0)
      perror ("setgid");
    if (setregid (33, 33) < 0)
      perror ("setregid");
    return 0;
  }
  $ gcc -Wall foo.c -o foo
  $ ./foo
  setgid: Operation not permitted
  setregid: Operation not permitted

In other words, when a user U has his primary group G1 and is additionally
in G2, there is an asymmetry between G1 and G2. In some cases the user
would want to act as if G2 was his primary group.

So, what is needed is a program that takes
  1) a group number or name as first argument,
  2) a program name and a set of further arguments.
It should first verify that the user is in the specified group (via
comparison with getgid() and gnulib's group_member() function), otherwise
we would be opening a security hole.
Then it should call setregid (g, g).
Finally it should execv() to the specified program.

I can write such a thing myself for my use-case, but since the asymmetry
between primary and additional groups is something that is not specific
to my application, it would be nice if coreutils had this.

Bruno