
Daemon impotent after dropping privileges with setuid()



I have a peculiar problem with a daemon.  Some of the tasks that the daemon
needs to accomplish should be done with reduced privileges, particularly
if they are complex or depend on user input.  So the daemon forks a child
process, which setuid's to some lesser user.

Unfortunately, as soon as the daemon setuid(some_other_userid), it can
no longer write files.  Not into the home directory of some_other_userid,
not into /tmp, ... I haven't found anywhere that the daemon can write
without receiving a "permission denied" error.

The files didn't exist before the daemon action.  Permissions to /tmp
are 777+t.  Doing a getuid(), geteuid() show that the permissions were
set properly in the daemon's child process.

The same user can write files into these same directories without error
from the console or from a plain 'C' program.  The daemon's child
(before setuid) also succeeds at writing files.  'strace -f' doesn't
show any problem until the open() call results in the permission denied
error.

This is on a 'squeeze' system, 64 bit i7 860 that otherwise seems to run
properly.

Anyone have any hints?  Suggestions for diagnosing things?  Would be
appreciated!!

	-f
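
The post checks only getuid() and geteuid(); on Linux, file permission checks use the filesystem UID and GID plus the supplementary groups, and setuid() leaves the group IDs and supplementary groups unchanged. The diagnostic below is an added example, not code from the original message: it snapshots the full credential set and reports the exact errno of a write probe. `struct creds`, `snapshot_creds` and `probe_write` are hypothetical names, and the code assumes /proc is mounted.

```c
/* Added diagnostic sketch (Linux only); all names here are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

struct creds {
    long uid[4], gid[4];   /* each: real, effective, saved, filesystem */
    int ngroups;           /* number of supplementary groups */
};

/* Read all four UIDs and GIDs from /proc/self/status. Returns 0 on success. */
int snapshot_creds(struct creds *c) {
    char line[256];
    int have = 0;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    while (fgets(line, sizeof line, f)) {
        long *v = line[0] == 'U' ? c->uid : c->gid;   /* only "Uid:"/"Gid:" match below */
        if (sscanf(line, "%*1[UG]id: %ld %ld %ld %ld", v, v + 1, v + 2, v + 3) == 4)
            have++;
    }
    fclose(f);
    c->ngroups = getgroups(0, NULL);   /* size 0 only counts the groups */
    return (have == 2 && c->ngroups >= 0) ? 0 : -1;
}

/* Create and remove a file in dir. Returns 0 or the errno of the failure. */
int probe_write(const char *dir) {
    char path[4096];
    int n = snprintf(path, sizeof path, "%s/probe.XXXXXX", dir);
    if (n < 0 || (size_t)n >= sizeof path) return ENAMETOOLONG;
    int fd = mkstemp(path);
    if (fd < 0) return errno;
    close(fd);
    unlink(path);
    return 0;
}

/* In the daemon, run this body in the child right after setuid(). */
int main(void) {
    struct creds c;
    if (snapshot_creds(&c) != 0) return 1;
    for (int i = 0; i < 4; i++)   /* order: real, effective, saved, filesystem */
        fprintf(stderr, "uid[%d]=%ld gid[%d]=%ld\n", i, c.uid[i], i, c.gid[i]);
    int err = probe_write("/tmp");
    fprintf(stderr, "groups=%d, write probe in /tmp: %s\n", c.ngroups, err ? strerror(err) : "ok");
    return 0;
}
```

Comparing this output from the failing child with the output from the plain C program that succeeds shows which credential differs between the two.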

