Support for multiple groups in $daemon_group
When running amavisd as a restricted user, it is sometimes desirable to assign it multiple groups. For example, when using a local socket for the clamd daemon, you may want to add amavisd-new to a clamdsocket group that controls access to the socket.
You can try, but the drop_priv() function in amavisd only supports one group at a time. When amavisd-new drops privileges, it will wind up with only one group, namely whatever is in $daemon_group, disregarding any other groups that the amavis user belongs to.
At first, it seemed like this was a minor oversight, and that the daemon should simply call initgroups() to initialize the supplementary groups of its new user. But apparently there is no perl interface to either initgroups(), or the getgrouplist() function that could be used to fake it!
As plan B, I propose here to allow an explicit list of groups in $daemon_group. Thus we could have
@daemon_groups = qw(amavis clamdsocket);
with a fallback (for backwards-compatibility) to
@daemon_groups = ($daemon_group);
drop_priv() would loop through them to construct a list of supplementary groups assigned like
$( = $gid; # real GID
$) = "$gid $suppgids"; # effective GID
That should allow multiple groups, at the expense of having to re-type them in your amavisd.conf file. (Fixing supplementary groups properly would be nice, but it requires a new C extension AFAIK.)
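
One way the proposed loop could look, as an added example rather than amavisd code: it resolves each configured group, builds the string assigned to $), drops the UID afterwards and checks that every group survived the drop. The helper names build_gid_strings() and drop_to() are hypothetical, and the UID drop and the verification go a step beyond the two assignments shown above.

```perl
#!/usr/bin/perl
# Added example, not amavisd code. build_gid_strings() and drop_to() are
# hypothetical names; user and group names are supplied by the caller.
use strict;
use warnings;
use POSIX ();

# Resolve group names (or numeric GIDs) and build the values for $( and $).
# The first entry is the primary group, the rest are supplementary.
sub build_gid_strings {
    my @names = @_;
    die "no groups given\n" unless @names;
    my (@gids, %seen);
    for my $name (@names) {
        my $gid = $name =~ /^\d+\z/ ? $name : getgrnam($name);
        defined $gid or die "unknown group: $name\n";
        push @gids, $gid unless $seen{$gid}++;
    }
    # Perl reads $) as "egid, then the setgroups() list".
    return ($gids[0], join(' ', $gids[0], @gids));
}

sub drop_to {
    my ($user, @groups) = @_;
    my $uid = getpwnam($user);
    defined $uid or die "unknown user: $user\n";
    my ($rgid, $egid_list) = build_gid_strings(@groups);
    # Groups first: once the UID is gone, setgroups() is no longer permitted.
    $( = $rgid;
    $) = $egid_list;
    POSIX::setuid($uid) or die "setuid($uid) failed: $!\n";
    # Verify instead of trusting the assignments, which do not die on failure.
    my %have = map { $_ => 1 } split ' ', $);
    for my $gid (split ' ', $egid_list) {
        $have{$gid} or die "GID $gid missing after privilege drop\n";
    }
    $< == $uid && $> == $uid or die "UID not dropped\n";
    return 1;
}

# Demo on the process's own groups, so it resolves on any host (constructed input).
my @demo = map { scalar(getgrgid($_)) // $_ } split ' ', $(;
my ($rgid, $egid_list) = build_gid_strings(@demo);
print "real GID: $rgid\neffective GID string: $egid_list\n";
# As root: drop_to('amavis', 'amavis', 'clamdsocket');
```

Run unprivileged, the script only prints the strings it would assign; the commented drop_to() call needs root and existing amavis and clamdsocket accounts.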