RE: Re: Unix-y question

by reptile (Monk)
on Aug 02, 2000 at 15:15 UTC ( #25700=note: print w/replies, xml ) Need Help??

in reply to Re: Unix-y question
in thread Unix-y question

Yep, that answers my question. I knew about the functions to use already, but I wasn't sure on their behavior, ie. if after the setuid(), any privilages from the previous uid were retained. I was pretty sure of the answer (it would be kind of non-sensical if they were) but I thought it best to ask and make sure.

A point of clarification: are you saying that if I setuid() in a child process, the entire process group is affected? or just the child and its children, if any? or just the process itself?

RE: RE: Re: Unix-y question
by nardo (Friar) on Aug 02, 2000 at 19:01 UTC
    One thing to note is that if you are running as non-root, the real and saved uid are not changed to the new uid.

    setuid() will set the uid for the current process only, existing children and parents are unaffected (although children spawned after a setuid() will inherit the parent's new uid). Threads are a different matter, under Linux a setuid() affects only the calling thread but I believe that on most other Unices a setuid() in a thread will affect all threads. One common mistake when using setuid()/setgid() is to call them in the order setuid(), setgid() which won't work because once you have dropped root privileges with setuid(), the setgid() won't work unless the gid matches your effective or saved gid, so do a setgid() followed setuid() to drop root group privileges.

Node Type: note [id://25700]
