I would have said that libc should have a function (maybe something like getGroupsByUsername) that would return a list of all groups a user should be a member of, and that this function would be implemented by NSS. And then, the files service from NSS would implement it by looking at the file /etc/group.
But as far as I can see, this is not how it works.
There is no function to obtain the list of groups a user should belong to. getgroups(2) is not what I'm looking for. That function returns the list of groups the calling process currently belongs to.
So, the questions would be:
- How do I obtain the list of groups a user should belong to? Do I need to parse the file /etc/group myself?
- What is the process by which, when I log in, my current process already belongs to all groups specified for my username in /etc/group? Is it the login program that parses /etc/group and then runs setgroups(2)?
- If I want to use an alternative system for managing group membership, could I write an NSS module that would use whatever logic I like?
By the way, I am aware that with functions like getgrnam(3) and getgrent(3) I can obtain the list of all members for each group, but what I need is the opposite, the list of groups a user is a member of. I could construct it by using those functions, but it seems there should be an easier way.
Also, there is the function initgroups(3). I don't know if this function has anything to do with NSS. And it doesn't return the list of groups, just updates the list of groups the calling process belongs to.