setuid

Secure access to files in a directory identified by an environment variable?

寵の児 posted on 2019-12-05 20:56:05
Can anyone point to some code that deals with the security of files access via a path specified (in part) by an environment variable, specifically for Unix and its variants, but Windows solutions are also of interest? This is a big long question - I'm not sure how well it fits the SO paradigm. Consider this scenario: Background: Software package PQR can be installed in a location chosen by users. The environment variable $PQRHOME is used to identify the install directory. By default, all programs and files under $PQRHOME belong to a special group, pqrgrp. Similarly, all programs and files

setuid equivalent for non-root users

谁说胖子不能爱 posted on 2019-12-05 10:05:05
Does Linux have some C interface similar to setuid, which allows a program to switch to a different user using e.g. the username/password? The problem with setuid is that it can only be used by superusers. I am running a simple web service which requires jobs to be executed as the logged in user. So the main process runs as root, and after the user logs in it forks and calls setuid to switch to the appropriate uid. However, I am not quite comfortable with the main proc running as root. I would rather have it run as another user, and have some mechanism to switch to another user similar to su

Program can't load after setting the setuid bit on

穿精又带淫゛_ posted on 2019-12-05 06:55:42
Consider this scenario in which an executable A.bin uses libY.so and libZ.so. A.c, Y.c and Z.c are all written in C. Z.c and Y.c are compiled into respective .so files. This is the directory structure of the files: $home/bin/A.bin $home/lib/libY.so $home/lib/libZ.so When I run A.bin as a normal user, A.bin runs normally as expected. Note: $LD_LIBRARY_PATH contains $home/lib. I changed some code in A.c adding some functionality which needs admin privileges (like binding to a port less than 1000). I set the setuid bit for A.bin, libY.so and libZ.so to rwsrwsrws, and change the ownership of the files

What do getresuid() and setresuid() do?

眉间皱痕 posted on 2019-12-04 14:54:38
What do the functions getresuid(&arg1,&arg2,&arg3) and setresuid(arg1,arg2,arg3) do? It would be great if a really basic explanation of these functions were given. From the credentials(7) man page (abridged): On Linux, each process has the following user and group identifiers: Real user ID and real group ID. These IDs determine who owns the process. Effective user ID and effective group ID. These IDs are used by the kernel to determine the permissions that the process will have when accessing shared resources such as message queues, shared memory, and semaphores. On most UNIX systems, these

Dropping process rights under windows

帅比萌擦擦* posted on 2019-12-04 12:55:15
I'm looking for a method to drop process rights for security reasons. I want to start as a user with privileges and end as a limited user. For example, I want my web server to run under a restricted user but I still want to listen on port 80. How can I do such things under Windows? Something similar to Unix's: bind_to_80(); chroot("/some/limited/dir"); setuid(limited_user_id); setgid(limited_group_id); chroot("/some/limited/dir"); // drop some more rights fork(); // now I can't come back How can I do something similar under Windows? Edit: Of course I understand that Windows does not have fork or

setgid() fails - operation not permitted

别来无恙 posted on 2019-12-04 12:46:18
I created a setuid program in C. The executable looks like this: -r-s-r-s--- 1 root users 13073 Jun 15 21:56 server I execute the program as userA/users and try to set the uid/gid to userB/otherUsers. setgid() fails with Operation not permitted. userA is not part of otherUsers. How can I change the effective gid? [EDIT] Here is a small summary of what I did. My C program, executed as userA, sets uid and gid to userB and creates a file. Not as expected, the file belongs to the group root, because setgid() fails. [userA@node uid]$ id uid=11945(userA) gid=544(users) groups=544(users) [userA@node

“Operation not permitted” while dropping privileges using setuid() function

孤人 posted on 2019-12-04 07:17:57
Why does this simple program that uses os.setuid()/gid() fail? It is written in Python but I think that is not a language-related problem (in the end they are all the same POSIX system calls): import os, pwd if os.getenv("SUDO_UID") and os.getenv("SUDO_GID"): orig_uid=int(os.getenv("SUDO_UID")) orig_gid=int(os.getenv("SUDO_GID")) else: pw = pwd.getpwnam("nobody") orig_uid = pw.pw_uid orig_gid = pw.pw_gid print os.getuid(), os.getgid(), os.geteuid(), os.getegid(), orig_uid, orig_gid os.setgid(orig_gid) os.setuid(orig_uid) It returns this exception: $ sudo python provgid.py 0 0 0 0 1000 1000 Traceback (most

correct way to run setuid programs in C

蓝咒 posted on 2019-12-04 05:18:47
I have a process with permissions 4750. Two users exist in my Linux system. The root user and the appz user. The process inherits the permissions of a process manager that runs as "appz" user. I have two basic routines: void do_root (void) { int status; status = seteuid (euid); if (status < 0) { exit (status); } } /* undo root permissions */ void undo_root (void) { int status; status = seteuid (ruid); if (status < 0) { exit (status); } status = setuid(ruid); if (status < 0) { exit (status); } } My flow is the following: int main() { undo_root(); do some stuff; do_root(); bind( port 80); /

Change UID/GID only of one thread in Linux

这一生的挚爱 posted on 2019-12-04 03:22:49
Question: Is there a way to change UID/GID only of one thread in a multithreaded process? The reason for this is writing a file-serving application - the ACLs and quota are not enforced unless the uid/gid of the caller is set to the correct user, new files/directories are not created with correct uid/gid etc. The network applications can usually fork() themselves at the beginning and process each user request in a separate process. If there is a need for shared data, it must go through some kind of

Can I setuid for perl script?

痞子三分冷 posted on 2019-12-01 18:54:43
I made a Perl script to change the owner of a file owned by some other user. The script is complete. My administrator saved it in the /sbin directory and set the uid for it using chmod u+s name_of_script. But when I run this script it gives me an error that the chown operation is not permitted. I made a C program and it works by following the same steps. So my question is: if setuid is working for Perl then I should not get that error, because the C code did not give me any error. So can I setuid for a Perl script, or should I go with C code? Don't tell me to ask the administrator to change the owner each time. Actually in server i