
Re: Getting a daemon off uid root



> - open devices (in my case tty?, ttyUSB?)

You do not necessarily need root for that, provided that something
else set the permissions up. Otherwise, you might open it as root and
drop privileges.

> - open syslog (and/or logfile)

This certainly does not need root privileges. At least, logging to
syslog. If you want a logfile, you can include a directory in your
package owned by the unprivileged user (you probably need to add that
user in your preinst then) under /var/log, and log there.

> - write pidfile

Write it as root, chown it to the unprivileged user, drop privileges.

> In particular, I don't know how to write my pidfile under /var/run without being
> root.
> If there isn't any way, is there documentation/good example on how to shed the
> root privilege after starting? Is a simple setresuid/gid to
> nobody/nogroup enough?

I'd use setuid (and setgid too, just to be sure), since that is more
portable. <plug>Look at src/daemon.c::_daemon_drop_privs in the thy
sources</plug>
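
The sequence described in this reply (write the pidfile as root, chown it, then drop privileges with setgid and setuid), as an added C example that is not part of the original message and not taken from the thy sources. The function names, the pidfile path and the 65534 uid/gid are assumptions; the setgroups() call and the final check that root cannot be regained go beyond what the message lists.

```c
#define _DEFAULT_SOURCE              /* setgroups() on glibc */
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create the pidfile while still privileged and hand it to the daemon user.
 * Ownership lets the daemon rewrite it later; removing it still needs
 * write access to the directory. */
int write_pidfile(const char *path, uid_t uid, gid_t gid)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW | O_CLOEXEC, 0644);
    if (fd < 0)
        return -1;
    if (dprintf(fd, "%ld\n", (long)getpid()) < 0 || fchown(fd, uid, gid) != 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    return close(fd);
}

/* Permanently switch to uid/gid. Returns 0 on success, -1 on any failure;
 * the caller must exit on -1 rather than keep running half-privileged. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return -1;                   /* "dropping" to root is a caller bug */
    /* Supplementary groups first: only root may change them, and they are
     * otherwise inherited from whoever started the daemon. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    /* Group before user: after setuid() the gid can no longer be changed. */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    /* Root must not be recoverable through a leftover saved set-user-ID. */
    return (setuid(0) == 0 || seteuid(0) == 0) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample values: hypothetical pidfile path, uid/gid 65534. */
    const char *pidfile = "/var/run/example-daemon.pid";
    return (write_pidfile(pidfile, 65534, 65534) != 0 || drop_privileges(65534, 65534) != 0) ? 1 : 0;
}
```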


