unable to set gid for user root

Is root the owner of every directory in the hierarchy leading to your tool? There's a security restriction that prevents setuid/setgid from working in arbitrary directory configurations.

__
Kevin Elliott
DTS Engineer, CoreOS/Hardware

Hi

Thanks for your replying root is the owner on all the tree, except for /dv/sbtools that own by user You think if I change to root it will sort the issue ?

Thanks, Amir

Thanks for your replying root is the owner on all the tree, except for /dv/sbtools that own by user You think if I change to root it will sort the issue ?

To be honest, I'm not sure. The system is quite complicated and it's entirely possible I've missed some other issue. However, this ownership issue is definitely one of the factors that would prevent it from running.

__
Kevin Elliott
DTS Engineer, CoreOS/Hardware

Taking a step back, why are you doing this with a custom tool? macOS has built-in support for this sort of thing using sudo and su, so I’m curious why you’re not using those.

Also, changing user context on macOS is tricky. While it is generally possible to change the traditional BSD context — UID, GUI, and so on — macOS relies on other context items that are harder to change. TN2083 Daemons and Agents explains that stuff in gory detail.

If you change the BSD context but not the other context, weird things happen. For example, code that accesses the keychain is likely to fail.

Now, the built-in sudo and su don’t do a great job of handling this, but crafting a custom tool is unlikely to improve things.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"