
Re: off-topic program-Q



On Fri, 19 Apr 1996, Maarten Boekhold wrote:

I assume run==1 up here?
What is the egid here?

> if (fetch) {
> 	pid = fork();
> 
> 	if (!pid) {
> 		setgid(egid);
> 		run=0;
> 	}
> }
> 
> if (run) {
> 	setegid(gid);
> }
> 

I think you're confused over real/effective/saved IDs.  setgid() for
nonroot users only sets the eid.  You say that the parent call works,
which means that the gid variable must be the saved ID, and conversely
the egid variable is the real ID.  That's pretty counterintuitive
naming.  Anyway the code is doing exactly what it should - you're
losing the permissions in the child.

BTW, what is that run stuff?  Why don't you just put the "if (run)"
routine in an else from the pid check?

> I use sh -c here cos ultimately I want to redirect output to /dev/null

That's a poor reason to use sh.  Don't use sh unless you need globbing
or something.  Instead you should just close(1) to close the file
descriptor.  Some programs have bugs and croak when stdout is closed
(dip for one).  So just open /dev/null, and dup2 the stdout file
descriptor onto it.

> I also tried this in perl, where it failed, even after fooling around 
> with GIDs and EGIDs, so I thought I'd give C a try, but to no avail so far.

Everything I said also applies to perl.

If you want a book on this stuff, I highly recommend "Advanced
Programming in the UNIX Environment" by W. Richard Stevens, ISBN
0-201-56317-7.

Guy
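
The two suggestions in the reply above (an else branch on the pid check, and open /dev/null plus dup2 instead of sh -c) put together as an added C example; it is not code from either poster. The names run_quiet and child_gid are hypothetical, and the child checks the setgid() return value so it never execs with a group it did not ask for.

```c
#include <fcntl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run argv[0] with stdout sent to /dev/null and the group ID set to
 * child_gid (hypothetical parameter). Returns the child's exit status,
 * or -1 if fork/wait fails or the child was killed by a signal. */
int run_quiet(char *const argv[], gid_t child_gid)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;

    if (pid == 0) {
        /* Child: point fd 1 at /dev/null rather than closing it, so
         * programs that expect a valid stdout keep working. */
        int fd = open("/dev/null", O_WRONLY);
        if (fd < 0 || dup2(fd, STDOUT_FILENO) < 0)
            _exit(126);
        if (fd != STDOUT_FILENO)
            close(fd);

        /* A failed ID change must stop the child before exec. */
        if (setgid(child_gid) != 0)
            _exit(126);

        execvp(argv[0], argv);  /* direct exec, no shell involved */
        _exit(127);             /* only reached if exec failed */
    } else {
        /* Parent: this branch replaces the separate "if (run)" test. */
        if (waitpid(pid, &status, 0) < 0)
            return -1;
        return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
    }
}

int main(void)
{
    /* Constructed sample command; its output is discarded. */
    char *const argv[] = {"echo", "discarded", NULL};
    return run_quiet(argv, getgid());
}
```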

