The setgroups() system call sets the group access list of the current user process according to the array gidset. The ngroups argument indicates the number of entries in the array and must be no more than {NGROUPS_MAX}+1.

Only the super-user may set a new group list.

The first entry of the group array (gidset[0]) is used as the effective group-ID for the process. This entry is over-written when a setgid program is run. To avoid losing access to the privileges of the gidset[0] entry, it should be duplicated later in the group array. By convention, this happens because the group value indicated in the password file also appears in /etc/group. The group value in the password file is placed in gidset[0] and that value then gets added a second time when the /etc/group file is scanned to create the group set.
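
The gidset[0] convention described above, as an added example that is not part of the manual page: the array is built with the primary group in slot 0 and a second copy later in the list, so the group stays in the access list after slot 0 is over-written. The helper names build_gidset() and apply_gidset() and the sample group IDs are assumptions made for illustration.

```c
#include <sys/types.h>
#include <errno.h>
#include <grp.h>      /* declares setgroups() on Linux/glibc */
#include <stdio.h>
#include <unistd.h>   /* declares setgroups() on FreeBSD; sysconf() */

/* Hypothetical helper: primary goes in slot 0, then the supplementary groups
 * (duplicates dropped), then a second copy of primary if none is present yet.
 * Returns the entry count, or -1 with errno = EINVAL if cap is too small. */
int build_gidset(gid_t primary, const gid_t *extra, int nextra,
                 gid_t *out, int cap)
{
    int n = 0, have_copy = 0;
    if (cap < 1) { errno = EINVAL; return -1; }
    out[n++] = primary;               /* gidset[0]: effective group ID */
    for (int i = 0; i < nextra; i++) {
        int seen = 0;
        for (int j = 1; j < n; j++)   /* compare with slots 1..n-1 only */
            if (out[j] == extra[i]) { seen = 1; break; }
        if (seen) continue;
        if (n >= cap) { errno = EINVAL; return -1; }
        out[n++] = extra[i];
        if (extra[i] == primary) have_copy = 1;
    }
    if (!have_copy) {                 /* duplicate gidset[0] later in the array */
        if (n >= cap) { errno = EINVAL; return -1; }
        out[n++] = primary;
    }
    return n;
}

/* Hypothetical helper: install the list; EPERM unless run by the super-user. */
int apply_gidset(const gid_t *gidset, int ngroups)
{
    long max = sysconf(_SC_NGROUPS_MAX);
    if (max < 0 || ngroups > max + 1) { errno = EINVAL; return -1; }
    return setgroups(ngroups, gidset);
}

int main(void)
{
    gid_t extra[] = { 0, 5, 5, 20 }, set[8];   /* constructed sample GIDs */
    int n = build_gidset(20, extra, 4, set, 8);
    for (int i = 0; i < n; i++)
        printf("gidset[%d] = %lu\n", i, (unsigned long)set[i]);
    if (n > 0 && apply_gidset(set, n) == -1)
        perror("setgroups");
    return 0;
}
```

Run without super-user privileges, the program prints the constructed list and then reports the setgroups() failure.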