  1. ZABBIX FEATURE REQUESTS
  2. ZBXNEXT-73

Allow secondary groups for agentd on linux (to read logs, execute programs)

    • Type: Change Request
    • Resolution: Unresolved
    • Priority: Major
    • Component: Agent (G)
    • Environment: Centos 5 i386 / x86_64

      I'm running the zabbix agentd daemon (from the initscripts) and as expected it's dropping privileges to the zabbix user.

      It would be great if the process could use the secondary groups of the zabbix user defined in /etc/group; this way I could read log files with the permissions 0640, or execute scripts to verify database files with the permissions 0640.

      I read the man page for setgroups (the function to use to add secondary groups to the current process), and it's not POSIX.1-2001 compliant:

      CONFORMING TO
      SVr4, 4.3BSD. The getgroups() function is in POSIX.1-2001. Since
      setgroups() requires privilege, it is not covered by POSIX.1-2001.

      Is that the reason why it's not implemented in src/libs/zbxnix/daemon.c?
      Or is it because it's another security risk to let a process use more than one group? (In that case, we could control that with a flag authorizing or not the usage of secondary groups in agentd.conf.)

      Thanks.

            Assignee: Unassigned
            Reporter: Johan Fischer (fischaz)
            Votes: 2
            Watchers: 1

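Added example, not Zabbix code and not part of the original report: a C sketch of the privilege drop the request describes, where the secondary groups from /etc/group are loaded with initgroups() before setgid()/setuid(), plus a permission check showing why a 0640 file is unreadable without them. The function names, the `allow_secondary_groups` switch and the uid/gid values are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE 1 /* glibc: expose initgroups() and setgroups() */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Classic owner -> group -> other read check (ignores ACLs and root override).
 * Shows why a 0640 log is unreadable without its group in the process's set. */
int may_read(mode_t mode, uid_t f_uid, gid_t f_gid, uid_t uid, gid_t gid,
             const gid_t *groups, int ngroups)
{
    if (uid == f_uid)
        return (mode & 0400) != 0;
    int in_group = (gid == f_gid);
    for (int i = 0; i < ngroups && !in_group; i++)
        in_group = (groups[i] == f_gid);
    return in_group ? (mode & 0040) != 0 : (mode & 0004) != 0;
}

/* Drop from root to `user`; returns 0 on success, -1 if the caller must abort.
 * allow_secondary_groups is a hypothetical switch, as the report proposes. */
int drop_privileges(const char *user, int allow_secondary_groups)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return -1;
    /* Group list first: it needs privilege, so it must precede setuid(). */
    if (allow_secondary_groups) {
        if (initgroups(user, pw->pw_gid) != 0) /* loads /etc/group memberships */
            return -1;
    } else if (setgroups(0, NULL) != 0) {      /* discard root's inherited groups */
        return -1;
    }
    if (setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0)
        return -1;
    /* The drop must be irreversible: regaining root has to fail. */
    return (pw->pw_uid != 0 && setuid(0) == 0) ? -1 : 0;
}

int main(void)
{
    /* Constructed IDs: log owned by root:adm (0:4), agent runs as 500:500. */
    gid_t with_adm[] = { 4 };
    printf("primary group only: %d\n", may_read(0640, 0, 4, 500, 500, NULL, 0));
    printf("with secondary adm: %d\n", may_read(0640, 0, 4, 500, 500, with_adm, 1));
    return 0;
}
```

Each group added to the daemon's set widens what a compromised agent or a user-defined check can read, so the switch is best left off unless a specific group is needed.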