Velocity Reviews - Computer Hardware Reviews

Dropping privileges

 
 
Andrea Crotti
      07-31-2010
My program now sadly runs only as root, but actually I think that the
only thing that really needs root access is the creation of a tunnel
device.

Looking around I understood that I could use setuid() to drop the
privileges after the critical part is over, but to what user?

I think this is the reason why mysql/openldap/etc. create a new user, so
they can drop down to it when they're done with the critical part.

But where exactly should this user creation mechanism be set?
Still from the C program (removing it when exiting)?
Thanks
Nobody
      07-31-2010
On Sat, 31 Jul 2010 16:08:58 +0200, Andrea Crotti wrote:

> My program now sadly runs only as root, but actually I think that the
> only thing that really needs root access is the creation of a tunnel
> device.
>
> Looking around I understood that I could use setuid() to drop the
> privileges after the critical part is over, but to what user?
>
> I think this is the reason why mysql/openldap/etc. create a new user, so
> they can drop down to it when they're done with the critical part.
>
> But where exactly should this user creation mechanism be set?
> Still from the C program (removing it when exiting)?


First, you would do better to ask on comp.unix.programmer.

You definitely shouldn't be creating and deleting accounts from within
your program. Nowadays, such tasks are far more complex than they might
appear. You can't assume that it's just a matter of adding a line to
/etc/passwd, due to the use of NIS/LDAP/etc, or even integration with
Windows domains. On Linux, creation of accounts to run daemons is normally
handled by the package's installation script, and is specific to a given
distribution.

One issue with dropping down to an existing account such as daemon or adm
is that the account may be a member of certain privileged groups, e.g. bin.
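
The privilege drop discussed in this thread, as an added example that is not part of either post: it assumes a dedicated account already created at install time (the name `mytunnel` and both function names are hypothetical) and keeps only that account's primary group, so no privileged supplementary group survives the drop.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes setgroups() in glibc's <grp.h> */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Look up the service account; refuse a missing one or one with UID/GID 0. */
int resolve_target(const char *name, uid_t *uid, gid_t *gid)
{
    struct passwd *pw = getpwnam(name);
    if (pw == NULL || pw->pw_uid == 0 || pw->pw_gid == 0)
        return -1;
    *uid = pw->pw_uid;
    *gid = pw->pw_gid;
    return 0;
}

/* Returns 0 only if the process can no longer act as root. */
int drop_privileges(const char *name)
{
    uid_t uid;
    gid_t gid;
    if (resolve_target(name, &uid, &gid) != 0)
        return -1;
    /* Groups first: once the UID is dropped, they can no longer be changed. */
    if (setgroups(1, &gid) != 0)   /* discard root's supplementary groups */
        return -1;
    /* As root, setgid()/setuid() set the real, effective and saved IDs. */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the drop took effect and that root cannot be regained. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid || getegid() != gid)
        return -1;
    return 0;
}

int main(void)
{
    /* ... create the tunnel device here, while still root ... */
    if (drop_privileges("mytunnel") != 0) {   /* hypothetical account name */
        fprintf(stderr, "could not drop privileges, exiting\n");
        return 1;
    }
    /* ... unprivileged main loop ... */
    return 0;
}
```

Every return value is checked because a failed drop that goes unnoticed leaves the rest of the program running as root.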
