MOO-cows Mailing List Archive
Re: Fun with FUP and root.
On Wed, 26 Feb 1997, Erik R. Ogan wrote:
> Hmm, maybe if the user to run as could be set through a
> command line option, or an environment variable.
The standard way that I have seen to do this is as follows (based on the
fact that "most" Unix software does this):
Somewhere in a configuration file (the database itself, perhaps?
Where isn't *too* important...) set a username to switch to, and make the
binary setuid root. The server would then start as root, and depending on
the code structure (I'm not familiar with the server code), it would do
one of two things:
Either:
    1. immediate setuid() to appropriate user
       - initialize stuff
    2. setuid() to root
       - create/bind privileged socket
    3. setuid() back to appropriate user

Or (preferred):
    1. Initialize stuff
    2. Create/bind socket
    3. setuid() to appropriate user and never setuid() back to root.
Of course, this should also be a compile-time option in options.h or some
such. I think this is a great idea...
JMHO,
- --Shadow
*..__--<< You know something's up when your Thought process is idle. >>--__..*
USER PID %CPU %MEM VSZ RSS TTY S STARTED TIME COMMAND
shadow 28365 0.0 0.2 2.84M 264K ttyp1 S 12:57:12 0:00.02 Thought
Steven M. Doyle, President, World One Telecommunications
Webmaster, Decade Communications
IRC Administrator, los-angeles.ca.us.undernet.org
Finger shadow@dragon.worldone.com for PGP public key.