[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: User privileges separation in Debian.

On Wed, Dec 09, 2009 at 08:30:40PM +0700, Sthu Deus wrote:
> Good day.
> How can I realise the subject? Say, I have SSH daemon, in Debian it
> starts with root privileges from /usr/sbin/sshd.

I'm not sure you *can* realize what you want.

> When connection is established (a user has successfully logged in),
> I have sshd (a child process born by the previous process) - still
> w/ root privileges, - and only *its* child starts w/ some user's
> privileges.

This is only a guess, so hopefully someone who knows will chime in. It
sounds like typical forking behavior to me. The parent process, as
root, listens for connections, when it gets one, it forks a child to
handle that connection. That child does all the handshaking and
authentication, once that's complete, yet another child is forked with
user privileges to maintain the connection. This format allows the
original parent process to handle multiple requests simultaneously
while the first generation of children handle authentication and

but, that's a guess.


Attachment: signature.asc
Description: Digital signature

Reply to: