supplemental_groups

March 26, 2020 Contributors

Name

supplemental_groups — security: supplemental groups to assume after startup

Description

This security feature instructs Momentum to issue a setgroups system call to set the supplemental groups for the Momentum process. This allows more flexibility for granting Momentum access to resources that are restricted based on group membership.

Security {
Supplemental_Groups = ( "list of group names or ids" )

Allow binding to privileged ports without requiring a process restart

Capabilities = "cap_net_bind_service+ep"
}

Note

Changing the value of options in the security scope at runtime requires restarting the ecelerity process—issuing the ec_console command config reload will not suffice.

Scope

Supplemental_Groups is valid in the security scope.

See Also

security, capabilities, user, and chroot