Dropping root permissions
in [Unix Programming]
|
Prev: Socket or device
Next: We are currently buying Foundy Networks - primarily NetIron MLX and XMR but are also looking for BigIron RX, ServerIron WMS7, and FastIron FESX's. If you have the above or have access to the above from a client looking ro recover value, please sen
From: David Given on 26 Jul 2010 19:10 I'm trying to make a daemon drop root permissions after initialisation. This turns out to be more complicated than I thought, particularly when it comes to uids vs euids vs reguids etc and I'm finding it rather difficult to find any decent online references. Can anyone point me at a known best practice for how to do this correctly? My requirements are: I do my initialisation as root. After initialisation, I wish to change to be running under a known uid and gid. I don't need to change back again later. I do need to initialise the group list. I'd assume naively that it was just a matter of calling initgroups(), set[e]gid() and set[e]uid() in that order, but it seems there's more to it than that... -- ┌─── dg@cowlark.com ───── http://www.cowlark.com ───── │ "Blue is beautiful... blue is best... │ I'm blue! I'm beautiful! I'm best!" │ --- _Dougal and the Blue Cat_
From: Ersek, Laszlo on 27 Jul 2010 04:06 On Tue, 27 Jul 2010, David Given wrote: > I'm trying to make a daemon drop root permissions after initialisation. > This turns out to be more complicated than I thought, particularly when > it comes to uids vs euids vs reguids etc and I'm finding it rather > difficult to find any decent online references. > > Can anyone point me at a known best practice for how to do this > correctly? > > My requirements are: I do my initialisation as root. After > initialisation, I wish to change to be running under a known uid and > gid. I don't need to change back again later. I do need to initialise > the group list. > > I'd assume naively that it was just a matter of calling initgroups(), > set[e]gid() and set[e]uid() in that order, but it seems there's more to > it than that... I guess: http://www.opengroup.org/onlinepubs/9699919799/functions/setreuid.html http://www.opengroup.org/onlinepubs/9699919799/functions/setuid.html Their rationales might prove relevant to you. lacos
From: Yoshi on 27 Jul 2010 18:58 On Jul 26, 4:10 pm, David Given <d...(a)cowlark.com> wrote: > I'm trying to make a daemon drop root permissions after initialisation. > This turns out to be more complicated than I thought, particularly when > it comes to uids vs euids vs reguids etc and I'm finding it rather > difficult to find any decent online references. > > Can anyone point me at a known best practice for how to do this correctly? > > My requirements are: I do my initialisation as root. After > initialisation, I wish to change to be running under a known uid and > gid. I don't need to change back again later. I do need to initialise > the group list. > > I'd assume naively that it was just a matter of calling initgroups(), > set[e]gid() and set[e]uid() in that order, but it seems there's more to > it than that... I think if you are doing initialization as root, setgid(), initgroups(), then setuid() should work. Is there anything wrong with that? -- Yoshi
From: David Given on 27 Jul 2010 19:05 On 27/07/10 09:06, Ersek, Laszlo wrote: [...] > http://www.opengroup.org/onlinepubs/9699919799/functions/setreuid.html > http://www.opengroup.org/onlinepubs/9699919799/functions/setuid.html > > Their rationales might prove relevant to you. Thanks, but I'd already seen those; as the rationales basically boil down to 'it's complicated than it appears', I'd very much rather not try to second-guess the documentation. This code is security-related, after all, and has to be right. I'd have thought that this was a common enough task that there'd be examples online available on how to do it right, but I haven't found much yet, and those that I have found don't appear to be correct (they don't set the groups list, for example); hence the reason I'm asking here. Can anyone point me at a known correct example of how to do this? -- ┌─── dg@cowlark.com ───── http://www.cowlark.com ───── │ "Blue is beautiful... blue is best... │ I'm blue! I'm beautiful! I'm best!" │ --- _Dougal and the Blue Cat_
From: Yoshi on 27 Jul 2010 20:57 On Jul 27, 4:05 pm, David Given <d...(a)cowlark.com> wrote: > On 27/07/10 09:06, Ersek, Laszlo wrote: > [...] > > >http://www.opengroup.org/onlinepubs/9699919799/functions/setreuid.html > >http://www.opengroup.org/onlinepubs/9699919799/functions/setuid.html > > > Their rationales might prove relevant to you. > > Thanks, but I'd already seen those; as the rationales basically boil > down to 'it's complicated than it appears', I'd very much rather not try > to second-guess the documentation. This code is security-related, after > all, and has to be right. > > I'd have thought that this was a common enough task that there'd be > examples online available on how to do it right, but I haven't found > much yet, and those that I have found don't appear to be correct (they > don't set the groups list, for example); hence the reason I'm asking > here. Can anyone point me at a known correct example of how to do this? > I see one article here, and it also has references. www.usenix.org/publications/login/2008-06/pdfs/tsafrir.pdf -- Yoshi
|
Next
|
Last
Pages: 1 2 Prev: Socket or device Next: We are currently buying Foundy Networks - primarily NetIron MLX and XMR but are also looking for BigIron RX, ServerIron WMS7, and FastIron FESX's. If you have the above or have access to the above from a client looking ro recover value, please sen |