Supplementary groups not set for AuthorizedKeysCommand

Johannes Löthberg johannes at
Mon Jul 30 06:35:01 AEST 2018


We just discovered that when sshd forks to execute the 
AuthorizedKeysCommand, it only runs setres{u,g}id in the new thread, but 
not setgroups, which means that the supplementary groups are never set 
in the new thread.  This feels quite strange, so I was wondering whether 
this is intended behaviour or not.  If not, it would be quite easy to 
fix this.

  Johannes Löthberg
  PGP Key ID: 0x50FB9B273A9D0BB5
  PGP Key FP: 5134 EF9E AF65 F95B 6BB1  608E 50FB 9B27 3A9D 0BB5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1727 bytes
Desc: signature
URL: <>

More information about the openssh-unix-dev mailing list