authorLudovic Courtès <ludo@gnu.org>2010-03-11 10:21:23 +0000
committerLudovic Courtès <ludo@gnu.org>2010-03-11 10:21:23 +0000
commit2e8eaca573ccda707ff42c136a6f38a34f2975b4 (patch)
tree922b2c54a052cd53d79f946237bd5f6d49451f75
parent05fbf61f0e4f2670d23929235e2da5342599d447 (diff)
Clear supplementary groups of `nixbld' in /etc/passwd in chroots.
* src/libstore/build.cc (nix::DerivationGoal::startBuilder): Don't display any supplementary groups for `nixbld' in /etc/passwd.
-rw-r--r--src/libstore/build.cc9
1 files changed, 5 insertions, 4 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index f4478a4db..85948f799 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -1566,14 +1566,15 @@ void DerivationGoal::startBuilder()
createDirs(chrootTmpDir);
chmod(chrootTmpDir, 01777);
- /* Create a /etc/passwd with entries for the build user and
- the nobody account. The latter is kind of a hack to
- support Samba-in-QEMU. */
+ /* Create a /etc/passwd with entries for the build user and the
+ nobody account. The latter is kind of a hack to support
+ Samba-in-QEMU. For the sake of consistency with the setgroups(2)
+ call below, the build user has no supplementary groups. */
createDirs(chrootRootDir + "/etc");
writeFile(chrootRootDir + "/etc/passwd",
(format(
- "nixbld:x:%1%:65534:Nix build user:/:/noshell\n"
+ "nixbld:x:%1%:%1%:Nix build user:/:/noshell\n"
"nobody:x:65534:65534:Nobody:/:/noshell\n")
% (buildUser.enabled() ? buildUser.getUID() : getuid())).str());
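Review bot: The new `nixbld` line fills the primary-GID field with the same `%1%` value as the UID field, so the chroot's /etc/passwd matches the builder's real credentials only if the build user's gid happens to equal its uid, which nothing in this hunk guarantees. Consider passing the group as a second format argument, e.g. `"nixbld:x:%1%:%2%:Nix build user:/:/noshell\n"`, fed with the gid the builder actually runs under (and `getgid()` in the non-build-user branch), so that a build which looks itself up sees the identity the privilege drop really applied. The added comment also speaks of supplementary groups, but the field changed here is the primary GID and supplementary membership lives in /etc/group; wording such as `the build user's primary group is no longer nobody (65534)` would describe the change more accurately. startBuilder continues outside the hunk and the setgroups(2) call the comment refers to is not visible here, so the source of the real gid is inferred.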