diff options
| -rw-r--r-- | sys-utils/setpriv.1 | 2 | ||||
| -rw-r--r-- | sys-utils/setpriv.c | 7 |
2 files changed, 5 insertions, 4 deletions
diff --git a/sys-utils/setpriv.1 b/sys-utils/setpriv.1 index 1c2423c65..9b7f43bc8 100644 --- a/sys-utils/setpriv.1 +++ b/sys-utils/setpriv.1 @@ -36,7 +36,7 @@ Dump current privilege state. Can be specified more than once to show extra, mostly useless, information. Incompatible with all other options. .TP .B \-\-groups \fIgroup\fR... -Set supplementary groups. The argument is a comma-separated list. +Set supplementary groups. The argument is a comma-separated list of GIDs or names. .TP .BR \-\-inh\-caps " (" + | \- ) \fIcap "... or " \-\-ambient-caps " (" + | \- ) \fIcap "... or " \-\-bounding\-set " (" + | \- ) \fIcap ... Set the inheritable capabilities, ambient capabilities or the capability bounding set. See diff --git a/sys-utils/setpriv.c b/sys-utils/setpriv.c index 0d3a3b3c9..d93341b39 100644 --- a/sys-utils/setpriv.c +++ b/sys-utils/setpriv.c @@ -56,6 +56,8 @@ #define SETPRIV_EXIT_PRIVERR 127 /* how we exit when we fail to set privs */ +static gid_t get_group(const char *s, const char *err); + enum cap_type { CAP_TYPE_EFFECTIVE = CAPNG_EFFECTIVE, CAP_TYPE_PERMITTED = CAPNG_PERMITTED, @@ -136,7 +138,7 @@ static void __attribute__((__noreturn__)) usage(void) fputs(_(" --clear-groups clear supplementary groups\n"), out); fputs(_(" --keep-groups keep supplementary groups\n"), out); fputs(_(" --init-groups initialize supplementary groups\n"), out); - fputs(_(" --groups <group,...> set supplementary groups\n"), out); + fputs(_(" --groups <group,...> set supplementary groups by UID or name\n"), out); fputs(_(" --securebits <bits> set securebits\n"), out); fputs(_(" --pdeathsig keep|clear|<signame>\n" " set or clear parent death signal\n"), out); @@ -456,8 +458,7 @@ static void parse_groups(struct privctx *opts, const char *str) opts->groups = xcalloc(opts->num_groups, sizeof(gid_t)); while ((c = strsep(&groups, ","))) - opts->groups[i++] = (gid_t) strtol_or_err(c, - _("Invalid supplementary group id")); + opts->groups[i++] = get_group(c, _("Invalid supplementary group id")); free(groups); } |