how should a daemon drop privileges in a PAM-compatible way?

To: debian-devel@lists.debian.org
Subject: how should a daemon drop privileges in a PAM-compatible way?
From: Eric Cooper <ecc@cmu.edu>
Date: Tue, 20 Nov 2007 12:07:10 -0500
Message-id: <[🔎] 20071120170710.GA19766@stratocaster.home>
Mail-followup-to: debian-devel@lists.debian.org

I wrote a daemon that is started from an init-script as root, and then
uses setuid and setgid to drop to a less-privileged system user and
group.

A user discovered that the program breaks when he uses the
libpam-tmpdir module, because TMPDIR doesn't get changed to the
/tmp/user/NNN directory, so the daemon tries, unsuccessfully, to
create files in /tmp.

What is the correct way to handle this?

I'm not very familiar with PAM, but I presume there might be other PAM
modules out there that would cause similar breakage; I don't want my
program to have to know about them all.

I can't use an su wrapper, because the daemon needs to do some
privileged things initially.  Is there a high level function to
"change userid, groupid and do the related PAM things" that I can use,
or example code I can use?  Thanks for any pointers.

-- 
Eric Cooper             e c c @ c m u . e d u

Reply to:

Follow-Ups:
- Re: how should a daemon drop privileges in a PAM-compatible way?
  - From: Peter Palfrader <weasel@debian.org>
- Re: how should a daemon drop privileges in a PAM-compatible way?
  - From: Steve Langasek <vorlon@debian.org>
- Re: how should a daemon drop privileges in a PAM-compatible way?
  - From: Roger Leigh <rleigh@whinlatter.ukfsn.org>

Prev by Date: gcc compilation error with abs() affects sarge, etch, lenny, sid
Next by Date: Re: how should a daemon drop privileges in a PAM-compatible way?
Previous by thread: Re: gcc compilation error with abs() affects sarge, etch, lenny, sid
Next by thread: Re: how should a daemon drop privileges in a PAM-compatible way?
Index(es):
- Date
- Thread