On Wed, Dec 06, 2000 at 10:40:44AM +0100, Andres Seco Hernandez wrote:
> > disagreed, if it's a daemon not to be run by users then the user it
> > runs as should be a member of group dialout. users should not be able
> > to access the serial devices in any way unless they are members of
> > group dialout (except through ppp, in which they are member of group
> > dip instead). setgid/setuid is something you should avoid using
> > unless absolutely necessary. writing set[ug]id safe code takes much
> > care.
>
> How must I run it then? I suppose that the init.d script to start/stop the
> daemon is run as root, so, the daemon itself too. Then, must I change
> user effective id inside the code?

no, what you do is create a new user and either make its primary group
`dialout' or else give it its own group and add the user to group
dialout. when you use start-stop-daemon --chuid <user> it will take
care of initing the groups, so your daemon would run as the non-root
user and have group dialout membership. you would need no code at all
to deal with changing uids this way.

observe:

[root@socrates /root]# groups build
build : src users wheel
[root@socrates /root]# start-stop-daemon --chuid build --start --exec /usr/bin/id
uid=1001(build) gid=40(src) groups=40(src),100(users),110(wheel)
[root@socrates /root]#

you could implement this same code inside your daemon and support your
own --user option and work the same way, just make sure you use
initgroups() to get the group membership right.

> I think it is easiest to make it setuid with the new user.

no that is the most dangerous way as it allows any arbitrary user on
the system to start the daemon with elevated privileges.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
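
The in-daemon alternative mentioned in the reply above (a --user option that calls initgroups()), sketched as an added example; it is not code from the original message or from start-stop-daemon. The account name "serialdaemon" and the drop_result codes are hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes initgroups() under strict -std= modes */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical result codes: each names the step that failed. */
enum drop_result { DROP_OK = 0, DROP_NOUSER, DROP_GROUPS, DROP_GID, DROP_UID, DROP_REGAIN };

/* Order matters: supplementary groups and gid are set while still root,
 * because after setuid() the process can no longer change them. */
enum drop_result drop_privileges(const char *user)
{
    struct passwd *pw;

    if (user == NULL || (pw = getpwnam(user)) == NULL)
        return DROP_NOUSER;
    /* Load every group listed for the user (e.g. dialout) plus the primary
     * gid; without this the daemon keeps root's supplementary groups. */
    if (initgroups(pw->pw_name, pw->pw_gid) != 0)
        return DROP_GROUPS;
    if (setgid(pw->pw_gid) != 0)
        return DROP_GID;
    if (setuid(pw->pw_uid) != 0)
        return DROP_UID;
    /* The drop must be permanent: regaining uid 0 has to fail. */
    if (pw->pw_uid != 0 && setuid(0) == 0)
        return DROP_REGAIN;
    return DROP_OK;
}

int main(int argc, char **argv)
{
    /* "serialdaemon" is a hypothetical account that is a member of dialout. */
    const char *user = argc > 1 ? argv[1] : "serialdaemon";
    enum drop_result r = drop_privileges(user);

    if (r != DROP_OK) {
        fprintf(stderr, "cannot drop privileges to %s (step %d)\n", user, (int)r);
        return 1;   /* refuse to continue as root */
    }
    printf("uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    /* open the serial device and start work only after this point */
    return 0;
}
```

Every return value is checked and the daemon exits on failure, so a failed drop never leaves it running as root.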