{"id":49495807,"url":"https://github.com/xuancong84/chown-pid","last_synced_at":"2026-05-01T09:07:43.632Z","repository":{"id":175234381,"uuid":"653527912","full_name":"xuancong84/chown-pid","owner":"xuancong84","description":"A Linux kernel module to modify a running process' UID, GID, and supplementary group list","archived":false,"fork":false,"pushed_at":"2024-05-07T09:21:18.000Z","size":22,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-05-07T10:35:20.083Z","etag":null,"topics":["chgrp","chown","chown-sync","chownow","gid","kernel-driver","linux-kernel","uid"],"latest_commit_sha":null,"homepage":"https://github.com/xuancong84/supgroup","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/xuancong84.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-06-14T08:21:01.000Z","updated_at":"2024-05-07T10:35:22.105Z","dependencies_parsed_at":"2023-07-02T08:24:21.331Z","dependency_job_id":null,"html_url":"https://github.com/xuancong84/chown-pid","commit_stats":null,"previous_names":["xuancong84/supgroup","xuancong84/chown-pid"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/xuancong84/chown-pid","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xuancong84%2Fchown-pid","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xuancong84%2Fchown-pid/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xuancong84%2Fchown-pid/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xuancong84%2Fchown-pid/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/xuancong84","download_url":"https://codeload.github.com/xuancong84/chown-pid/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xuancong84%2Fchown-pid/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32490869,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-30T13:12:12.517Z","status":"online","status_checked_at":"2026-05-01T02:00:05.856Z","response_time":64,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["chgrp","chown","chown-sync","chownow","gid","kernel-driver","linux-kernel","uid"],"created_at":"2026-05-01T09:07:43.576Z","updated_at":"2026-05-01T09:07:43.622Z","avatar_url":"https://github.com/xuancong84.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# A Linux kernel module to modify a running process' UID, GID, and supplementary group list\n\nLinux is a very powerful multi-user operating system in which users can run programs both locally (as a PC) or remotely (as a server). In a typical multi-user environment, very often, we encounter the group-permission-not-updated issue for already launched processeses when we create a new group and added some existing users to the new group. That is because the Linux kernel credential module has a major security defect that if a user is added to or removed from a supplementary group (not the user's primary group defined in `/etc/passwd`), that user's existing processes will not have its supplementary group permission updated.\n\nFor example, if a user has a `tmux` (or `screen`) session running some background jobs, and the user is added to a new group whose members have access to some secure folder, then the user will not be able to access the secure folder in his/her `tmux` session, even if he spawns new shell panes/windows in his `tmux` session or creates new `tmux` sessions. The only two workarounds are:\n1. close all his `tmux` sessions so that his `tmux` server stops and then relaunch `tmux`.\n2. create a new `tmux` session under a different `tmux` socket.\n\nIn another example, if a user quits a project and the system admin removes him from the project group (`/etc/group`), then all that user's existing programs and `tmux` sessions will continue to access files and folders that are only accessible by that project group members. Moreover, the user can use his existing `tmux` (or `screen`) session to spawn new processes (including new `tmux` sessions) that continue to enjoy the old supplementary group permission, so that he can continue to access those files and folders on which his permission has been withdrawn. This can lead to a data security problem.\n\nSince this defect lies in the Linux kernel, up to today, no user-level programs and softwares can tackle it directly.\n\nThis kernel-module program is created to add or remove a supplementary group (by GID) to and from a process (by PID).\n\n## How to compile\n1. Login as root (e.g., `sudo su` or `su`)\n2. `cd` into the project folder and run `make`\n3. If compilation is successful, `chown-pid.ko` will be generated\n4. `sudo make` will NOT work (unless you append the option `Defaults env_keep += \"PWD\"` to `/etc/sudoers` which is not secure)\n\n## How to run\n1. To add a supplementary group GID to a process PID:\n```\nsync \u0026\u0026 insmod chown-pid.ko arg_pid=\u003cPID\u003e arg_gid=\u003cGID\u003e arg_act='add' \u0026\u0026 rmmod chown-pid\n```\nin which `arg_act='add'` is optional (default argument).\n\n2. To remove a supplementary group GID from a process PID:\n```\nsync \u0026\u0026 insmod chown-pid.ko arg_pid=\u003cPID\u003e arg_gid=\u003cGID\u003e arg_act='remove' \u0026\u0026 rmmod chown-pid\n```\n\n3. To enquire whether a GID is inside the process' supplementary group list:\n```\nsync \u0026\u0026 insmod chown-pid.ko arg_pid=\u003cPID\u003e arg_gid=\u003cGID\u003e arg_act='query' \u0026\u0026 rmmod chown-pid\n```\n\n4. To list all GIDs under the process PID:\n```\nsync \u0026\u0026 insmod chown-pid.ko arg_pid=\u003cPID\u003e arg_act='list' \u0026\u0026 rmmod chown-pid\n```\nYou can also view this list at `/proc/\u003cPID\u003e/status`.\n\n5. To set UID for the process PID:\n```\nsync \u0026\u0026 insmod chown-pid.ko arg_pid=\u003cPID\u003e arg_gid=\u003cUID\u003e arg_act='set_uid' \u0026\u0026 rmmod chown-pid\n```\n\n6. To set GID for the process PID:\n```\nsync \u0026\u0026 insmod chown-pid.ko arg_pid=\u003cPID\u003e arg_gid=\u003cGID\u003e arg_act='set_gid' \u0026\u0026 rmmod chown-pid\n```\n\n\n**Since this is a kernel module, all verbose output can only be seen by `dmesg -t | tail`. Moreover, under extreme race conditions, there is a slight risk of causing your OS to crash, so better `sync` before doing anything.**\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxuancong84%2Fchown-pid","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fxuancong84%2Fchown-pid","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxuancong84%2Fchown-pid/lists"}