Use updated setuid with clearSupplementalGroups (#4609)

* Use updated setuid with clearSupplementalGroups Signed-off-by: Greg Wilkins <gregw@webtide.com> * remove version from setuid.mod Signed-off-by: Greg Wilkins <gregw@webtide.com>
2020-02-27 18:56:16 +01:00 · 2020-02-27 18:56:16 +01:00 · 95f20ddfeb
parent 75893dac9c
commit 95f20ddfeb
3 changed files with 4 additions and 2 deletions
--- a/jetty-home/pom.xml
+++ b/jetty-home/pom.xml
@ -13,7 +13,7 @@
  <properties>
    <assembly-directory>${basedir}/target/jetty-home</assembly-directory>
    <source-assembly-directory>${basedir}/target/jetty-home-sources</source-assembly-directory>
-    <jetty-setuid-version>1.0.3</jetty-setuid-version>
+    <jetty-setuid-version>1.0.4</jetty-setuid-version>
  </properties>

  <build>
--- a/jetty-home/src/main/resources/etc/jetty-setuid.xml
+++ b/jetty-home/src/main/resources/etc/jetty-setuid.xml
@ -10,6 +10,7 @@
        <Set name="umaskOctal"><Property name="jetty.setuid.umask" deprecated="jetty.umask" default="002"/></Set>
        <Set name="username"><Property name="jetty.setuid.userName" deprecated="jetty.username" default="jetty"/></Set>
        <Set name="groupname"><Property name="jetty.setuid.groupName" deprecated="jetty.groupname" default="jetty"/></Set>
+        <Set name="clearSupplementalGroups"><Property name="jetty.setuid.clearSupplementalGroups" default="false"/></Set>
        <!-- uncomment to change the limits on number of open file descriptors for root -->
        <!--
        <Call name="setRLimitNoFiles">
--- a/jetty-home/src/main/resources/modules/setuid.mod
+++ b/jetty-home/src/main/resources/modules/setuid.mod
@ -9,7 +9,7 @@ changing to a restricted user (eg jetty).
 server

 [lib]
-lib/setuid/jetty-setuid-java-1.0.3.jar
+lib/setuid/*.jar

 [xml]
 etc/jetty-setuid.xml
@ -20,3 +20,4 @@ etc/jetty-setuid.xml
 # jetty.setuid.userName=jetty
 # jetty.setuid.groupName=jetty
 # jetty.setuid.umask=002
+# jetty.setuid.clearSupplementalGroups=false