>From 2fd678d1201dbb1c877aba139190b0ac1025964f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Stod=C5=AFlka?= <address@hidden>
Date: Wed, 25 Jun 2014 18:26:23 +0100
Subject: [PATCH] id: output the effective group for the process

* src/id.c (print_full_info): When no user is specified,
output the effective group for the _process_, rather than
the default group from the system database, which may be different.
* tests/id/setgid.sh: Add a case for `id` as well as `id -G`.
* NEWS: Mention the bug fix.
Fixes http://bugs.gnu.org/7320
Reported at http://bugzilla.redhat.com/1016163
---
 NEWS               |    6 ++++++
 src/id.c           |   19 ++++++++++---------
 tests/id/setgid.sh |    9 +++++++--
 3 files changed, 23 insertions(+), 11 deletions(-)

diff --git a/NEWS b/NEWS
index 6532785..e5ea77c 100644
--- a/NEWS
+++ b/NEWS
@@ -67,6 +67,12 @@ GNU coreutils NEWS                                    -*- outline -*-
   now copies all input to stdout.  Previously nothing was output in this case.
   [bug introduced with the --lines=-N feature in coreutils-5.0.1]
 
+  id, when invoked with no user name argument, now prints the correct group ID.
+  Previously, in the default output format, it would print the default group ID
+  in the password database, which may be neither real nor effective.  For e.g.,
+  when run set-GID, or when the database changes outside the current session.
+  [bug introduced in coreutils-8.1]
+
   ln -sf now replaces symbolic links whose targets can't exist.  Previously
   it would display an error, requiring --no-dereference to avoid the issue.
   [bug introduced in coreutils-5.3.0]
diff --git a/src/id.c b/src/id.c
index 3348f80..f46bb41 100644
--- a/src/id.c
+++ b/src/id.c
@@ -399,19 +399,20 @@ print_full_info (const char *username)
     gid_t *groups;
     int i;
 
-    int n_groups = xgetgroups (username, (pwd ? pwd->pw_gid : -1),
-                               &groups);
+    gid_t primary_group;
+    if (username)
+      primary_group = pwd ? pwd->pw_gid : -1;
+    else
+      primary_group = egid;
+
+    int n_groups = xgetgroups (username, primary_group, &groups);
     if (n_groups < 0)
       {
         if (username)
-          {
-            error (0, errno, _("failed to get groups for user %s"),
-                   quote (username));
-          }
+          error (0, errno, _("failed to get groups for user %s"),
+                 quote (username));
         else
-          {
-            error (0, errno, _("failed to get groups for the current process"));
-          }
+          error (0, errno, _("failed to get groups for the current process"));
         ok = false;
         return;
       }
diff --git a/tests/id/setgid.sh b/tests/id/setgid.sh
index aa43ea3..a81b42c 100755
--- a/tests/id/setgid.sh
+++ b/tests/id/setgid.sh
@@ -1,5 +1,5 @@
 #!/bin/sh
-# Verify that id -G prints the right group when run set-GID.
+# Verify that id [-G] prints the right group when run set-GID.
 
 # Copyright (C) 2012-2014 Free Software Foundation, Inc.
 
@@ -27,9 +27,14 @@ gp1=$(expr $g + 1)
 
 echo $gp1 > exp || framework_failure_
 
+# With coreutils-8.16 and earlier, id -G would print both: $gp1 $g
 chroot --user=$NON_ROOT_USERNAME:$gp1 --groups='' / env PATH="$PATH" \
   id -G > out || fail=1
 compare exp out || fail=1
-# With coreutils-8.16 and earlier, id -G would print both: $gp1 $g
+
+# With coreutils-8.22 and earlier, id would erroneously print groups=$g
+chroot --user=$NON_ROOT_USERNAME:$gp1 --groups='' / env PATH="$PATH" \
+  id > out || fail=1
+grep -F "groups=$gp1" out || fail=1
 
 Exit $fail
-- 
1.7.7.6