
Unix-y question

by reptile (Monk)
on Aug 02, 2000 at 14:35 UTC
reptile has asked for the wisdom of the Perl Monks concerning the following question:

What, specifically, happens when I change the real and/or effective user and group ID of a process? To be more specific, if the program is initially running as root, or setuid root, and I change the real and/or effective user/group of the process to, say, that of a specific user, do all of that process's root privileges go away? I want to be able to fork() a process to be run as a specific user with the same privileges as that user, from an originally root-owned process.

I suspect the answer is pretty obvious, but I'm too lazy to test it out, since I'm still in the planning stage ;)

And yes I know this is a unix question and not really a perl one, but it's in the context of a perl project I'm planning.

Replies are listed 'Best First'.
Re: Unix-y question
by ColtsFoot (Chaplain) on Aug 02, 2000 at 15:00 UTC
    I think that you should be able to do what you are trying to accomplish
    using setuid(2) and seteuid(2) (see the man pages).

    One thing to note is: if the user is root or the process is setuid root,
    all process-related IDs are set to uid; after this has occurred it
    is impossible for the process to regain root privilege.

    Hope this is of help.

      Yep, that answers my question. I knew about the functions to use already, but I wasn't sure of their behavior, i.e. if after the setuid(), any privileges from the previous uid were retained. I was pretty sure of the answer (it would be kind of nonsensical if they were) but I thought it best to ask and make sure.

      A point of clarification: are you saying that if I setuid() in a child process, the entire process group is affected? Or just the child and its children, if any? Or just the process itself?

      local $_ = "0A72656B636148206C72655020726568746F6E41207473754A"; while(s/..$//) { print chr(hex($&)) }

        One thing to note is that if you are running as non-root, the real and saved uid are not changed to the new uid.

        setuid() will set the uid for the current process only; existing children and parents are unaffected (although children spawned after a setuid() will inherit the parent's new uid). Threads are a different matter: under Linux a setuid() affects only the calling thread, but I believe that on most other Unices a setuid() in a thread will affect all threads. One common mistake when using setuid()/setgid() is to call them in the order setuid(), setgid(), which won't work because once you have dropped root privileges with setuid(), the setgid() won't work unless the gid matches your effective or saved gid. So do a setgid() followed by setuid() to drop root group privileges.
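
The advice in this thread (fork, then call setgid() before setuid() in the child, leaving the parent untouched), written out as an added Perl example that is not code from any poster. The sub name `run_as_user`, the `nobody` account and `/usr/bin/id` are assumptions, and the example also resets supplementary groups, which the thread does not mention.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX ();

# Fork a child, drop it permanently to $user, and exec @cmd there.
# Only the child changes IDs; the parent keeps running as root.
sub run_as_user {    # hypothetical helper name
    my ($user, @cmd) = @_;
    my @pw = getpwnam($user) or die "no such user: $user\n";
    my ($uid, $gid) = @pw[2, 3];
    die "refusing to 'drop' to uid 0\n" if $uid == 0;

    defined(my $pid = fork()) or die "fork failed: $!\n";
    if ($pid == 0) {
        eval {
            # Group first: once setuid() has given up root, setgid() to
            # an unrelated gid is refused.
            $) = "$gid $gid";    # effective gid, and supplementary groups reduced to $gid
            POSIX::setgid($gid) or die "setgid($gid): $!\n";
            POSIX::setuid($uid) or die "setuid($uid): $!\n";

            # Check the result instead of trusting the return codes alone.
            die "gid not dropped\n"
                unless POSIX::getgid() == $gid && POSIX::getegid() == $gid;
            die "uid not dropped\n"
                unless POSIX::getuid() == $uid && POSIX::geteuid() == $uid;
            die "root can still be regained\n" if POSIX::setuid(0);

            exec { $cmd[0] } @cmd;
            die "exec $cmd[0]: $!\n";
        };
        print STDERR "child: $@";
        POSIX::_exit(127);    # never fall back into the parent's code path
    }
    waitpid($pid, 0);
    return $? >> 8;
}

# Constructed usage: start as root; 'nobody' is an assumed account name.
unless (caller) {
    die "must be started as root\n" unless $> == 0;
    my $status = run_as_user('nobody', '/usr/bin/id');
    print "child exit status: $status; parent euid is still $>\n";
}
```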
