MOO-cows Mailing List Archive
Re: Fun with FUP and root.
On Wed, 26 Feb 1997, Erik R. Ogan wrote:
> Hmm, maybe if the user to run as could be set through a
> command line option, or an environment variable.
The standard way that I have seen to do this is as follows (based on the
fact that "most" Unix software does this):
Somewhere in a configuration file (the database itself, perhaps?
Where isn't *too* important...) set a username to switch to, and make the
binary setuid root. The server would then start as root, and depending on
the code structure (I'm not familiar with the server code), it would do
one of two things:
1. immediate setuid() to appropriate user
2. setuid() to root
   - create/bind privileged socket
3. setuid() back to appropriate user

1. Initialize stuff
2. Create/bind socket
3. setuid() to appropriate user and never setuid() back
Of course, this should also be a compile-time option in options.h or some
such. I think this is a great idea...
*..__--<< You know something's up when your Thought process is idle. >>--__..*
USER PID %CPU %MEM VSZ RSS TTY S STARTED TIME COMMAND
shadow 28365 0.0 0.2 2.84M 264K ttyp1 S 12:57:12 0:00.02 Thought
Steven M. Doyle, President, World One Telecommunications
Webmaster, Decade Communications
IRC Administrator, los-angeles.ca.us.undernet.org
Finger email@example.com for PGP public key.