how should a daemon drop privileges in a PAM-compatible way?
I wrote a daemon that is started from an init-script as root, and then
uses setuid and setgid to drop to a less-privileged user & group.
A user discovered that the program breaks when he uses the
libpam-tmpdir module, because TMPDIR doesn't get changed to the
/tmp/user/NNN directory, so the daemon tries to create files in /tmp
without permission.
So, what is the correct way to do this? Is there a high level
function to "change userid, groupid and do the related PAM things"
that I can use, or an example program to copy? Thanks for any pointers.
--
Eric Cooper e c c @ c m u . e d u
Reply to: