Use updated setuid with clearSupplementalGroups (#4609)

gregw · web-flow · commit 95f20ddfebd2 · 2020-02-27T18:56:16.000+01:00
* Use updated setuid with clearSupplementalGroups

Signed-off-by: Greg Wilkins &lt;gregw@webtide.com&gt;

* remove version from setuid.mod

Signed-off-by: Greg Wilkins &lt;gregw@webtide.com&gt;
diff --git a/jetty-home/pom.xml b/jetty-home/pom.xml
@@ -13,7 +13,7 @@
   <properties>
     <assembly-directory>${basedir}/target/jetty-home</assembly-directory>
     <source-assembly-directory>${basedir}/target/jetty-home-sources</source-assembly-directory>
-    <jetty-setuid-version>1.0.3</jetty-setuid-version>
+    <jetty-setuid-version>1.0.4</jetty-setuid-version>
   </properties>
 
   <build>
diff --git a/jetty-home/src/main/resources/etc/jetty-setuid.xml b/jetty-home/src/main/resources/etc/jetty-setuid.xml
@@ -10,6 +10,7 @@
         <Set name="umaskOctal"><Property name="jetty.setuid.umask" deprecated="jetty.umask" default="002"/></Set>
         <Set name="username"><Property name="jetty.setuid.userName" deprecated="jetty.username" default="jetty"/></Set>
         <Set name="groupname"><Property name="jetty.setuid.groupName" deprecated="jetty.groupname" default="jetty"/></Set>
+        <Set name="clearSupplementalGroups"><Property name="jetty.setuid.clearSupplementalGroups" default="false"/></Set>
         <!-- uncomment to change the limits on number of open file descriptors for root -->
         <!--
         <Call name="setRLimitNoFiles">
diff --git a/jetty-home/src/main/resources/modules/setuid.mod b/jetty-home/src/main/resources/modules/setuid.mod
@@ -9,7 +9,7 @@ changing to a restricted user (eg jetty).
 server
 
 [lib]
-lib/setuid/jetty-setuid-java-1.0.3.jar
+lib/setuid/*.jar
 
 [xml]
 etc/jetty-setuid.xml
@@ -20,3 +20,4 @@ etc/jetty-setuid.xml
 # jetty.setuid.userName=jetty
 # jetty.setuid.groupName=jetty
 # jetty.setuid.umask=002
+# jetty.setuid.clearSupplementalGroups=false
