process.initgroups(user, extraGroup)


process.initgroups()方法读取/etc/group文件,并且初始化组访问列表,该列表包括了用户所在的所有组。 该方法需要Node.js进程有root访问或者有CAP_SETGID capability才能操作。

替换gid并舍弃权限时需要格外谨慎。例如:

console.log(process.getgroups());         // [ 0 ]
process.initgroups('bnoordhuis', 1000);   // switch user
console.log(process.getgroups());         // [ 27, 30, 46, 1000, 0 ]
process.setgid(1000);                     // drop root gid
console.log(process.getgroups());         // [ 27, 30, 46, 1000 ]

注意:这个函数只在POSIX平台有效(在Windows或Android平台无效)。

The process.initgroups() method reads the /etc/group file and initializes the group access list, using all groups of which the user is a member. This is a privileged operation that requires that the Node.js process either have root access or the CAP_SETGID capability.

Note that care must be taken when dropping privileges:

console.log(process.getgroups());         // [ 0 ]
process.initgroups('bnoordhuis', 1000);   // switch user
console.log(process.getgroups());         // [ 27, 30, 46, 1000, 0 ]
process.setgid(1000);                     // drop root gid
console.log(process.getgroups());         // [ 27, 30, 46, 1000 ]

This function is only available on POSIX platforms (i.e. not Windows or Android). This feature is not available in Worker threads.