On 2023-04-19 Gilbert Detillieux wrote:
They may have had users like me in mind, who (over time) need to be added to over 16 separate secondary groups (yeah, I was running into that RPC AUTH_SYS 16-group limit in NFS, long before there was a simple fix).
Which makes me wonder... is there any command line program (or shell option) that lets a normal user *drop* their supplemental groups? I don't see one. You can change your primary group with newgrp/sg, but the tools don't seem to let you manipulate supplemental groups. Which further leads me to believe that no one in the *NIX world thinks dropping groups is a worthwhile, good or needed idea.
Furhter, perl doesn't seem to give you anything to manipulate this in core either, which I find really strange. perl usually lets you do *all* of this user/group system stuff, even if only through vaguely named special vars: $) anyone? (Ok, ya they now have pretty names too. But if modern much-vaunted jquery can do $() then I can have my $) thank you very much. <smirk>) So that leads me to believe perl-people think the idea is useless.
I was going to say postfix could let the user decide by running /bin/dg (which I'm coining just now, drop-groups) before their desired command. That would be more unix-y by letting the user decide and chain commands as they see fit.
Oh ya, I realized ACLs could probably also solve my root problem. But I don't think I'll ever stoop to using ACLs on Linux. I eradicate them everywhere I see them. Evil!