process.initgroups(user, extraGroup)


process.initgroups() 方法读取 /etc/group 文件,并且初始化组访问列表,该列表包括了用户所在的所有组。 该方法需要 Node.js 进程有 root 访问或者有 CAP_SETGID 能力才能操作。

删除权限时要小心:

console.log(process.getgroups());         // [ 0 ]
process.initgroups('nodeuser', 1000);   // 切换用户。
console.log(process.getgroups());         // [ 27, 30, 46, 1000, 0 ]
process.setgid(1000);                     // 删除 root 的 gid。
console.log(process.getgroups());         // [ 27, 30, 46, 1000 ]

这个函数只在 POSIX 平台有效(在 Windows 或 Android 平台无效)。 此特性在 Worker 线程中不可用。

The process.initgroups() method reads the /etc/group file and initializes the group access list, using all groups of which the user is a member. This is a privileged operation that requires that the Node.js process either have root access or the CAP_SETGID capability.

Use care when dropping privileges:

console.log(process.getgroups());         // [ 0 ]
process.initgroups('nodeuser', 1000);     // switch user
console.log(process.getgroups());         // [ 27, 30, 46, 1000, 0 ]
process.setgid(1000);                     // drop root gid
console.log(process.getgroups());         // [ 27, 30, 46, 1000 ]

This function is only available on POSIX platforms (i.e. not Windows or Android). This feature is not available in Worker threads.