|There's more than one way to do things|
RFC: Name that Moduleby pileofrogs (Priest)
|on Apr 26, 2008 at 05:16 UTC||Need Help??|
I've written a module that I've given the temporary name Process::DropPrivs. It's for dropping root privileges and making sure they really did get dropped. This is useful in a script that might start up as root, open up a log file in /var/log, switch to the 'nobody' user id, and then do something as nobody. This is one of those tasks that looks simple but is easy to get wrong. The module has one function, which I currenly call drop_privs(), and it changes the current process's uid, euid, gid, egid & supplimental gids. For example, 'root' might be a member of the 'root','wheel','tape' and 'bin' groups. When you switch to the 'nobody' user you want to make sure you didn't stay a member of the 'wheel' group.
So, a module that does that is what I'm looking for a name for.
Other ideas I've had are:Privileges::Drop