site_archiver@lists.apple.com Delivered-To: Darwin-dev@lists.apple.com On Oct 1, 2008, at 12:21 PM, Terry Lambert wrote: You probably actually want: _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-dev mailing list (Darwin-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-dev/site_archiver%40lists.appl... setgid(); syscall(SYS_initgroups, int ngroups, const gid_t *gidset, uid_t gmuid) Calling initgroups(3) is a better idea. It's not recommended to make syscalls directly. Doing so might not be compatible with future releases of Mac OS X. If you do not set the group membership uid, and do it without any other modifications of the credential, save the final setuid(), then you will opt out of external group resolution. This means that if you have put a user into more than 16 groups in DirectoryServices, you wil only see 16 of them, and due to ordering ambiguity, you will only be guaranteed that the primary group ID for the user will be in that list of 16. This email sent to site_archiver@lists.apple.com