good description of setuid() & friends usage

I think I have a case where I need to have an executable switch between root
and non-root access. Before diving into experiments, I’d like to do some
reading. Basically, how do setuid(), seteuid(), the ‘sticky bit’, etc all
work together? I’m guessing I need to make my executable have the sticky
bit, owned by root, then switch it between a normal and super user as
required.

Anyone know of a good description of this stuff on the web?

In a word, we need ThreadCtl access to some device and/or memory i/o. At
these points, I understand I need to be root. However, I would like to NOT
be root outside of these calls, or at least at other interesting times.
Will seteuid() & friends help me here? Or do I just always need to run as
root?

Lastly, I’m hoping this is just an initialization/termination thing, but
it’s possible I may need to do it more often, so I’d also be interested in
finding out how expensive this is.

Patrick_Mueller@oti.com

Have a server process that is setuid as root do the work for the non-root
process/thread. I have done this a lot in QNX4. That way a normal process
can avoid the risks of being run as root but when it needs to do certain
things it can send a request to the root process to do its work for it.

The root process can (if desired) determine if this particular non-root
process is allowed to do whatever the request is.


Sure, great idea, but I have a LOT of work for this thing to do, and don’t
really want to invest in architecting a client/server interface on top of
what I’m already doing, if I don’t have to …

Patrick_Mueller@oti.com



“Bill Caroselli (Q-TPS)” <qtps@earthlink.net> wrote in message
news:9kmmb3$m69$1@inn.qnx.com

Have a server process that is setuid as root do the work for the non-root
process/thread. I have done this a lot in QNX4. That way a normal process
can avoid the risks of being run as root but when it needs to do certain
things it can send a request to the root process to do its work for it.

The root process can (if desired) determine if this particular non-root
process is allowed to do whatever the request is.

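The pattern the first post asks about (root only around the privileged calls, unprivileged otherwise), as an added example that is not part of any post in this thread. It assumes a setuid-root executable on a POSIX system with a saved set-user-ID; the function names and the callback are hypothetical, and the real privileged step (such as the ThreadCtl request) would go in the callback.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

static uid_t priv_uid;   /* effective uid at startup (root when setuid-root) */
static uid_t user_uid;   /* real uid of the invoking user */

/* Call first in main(): remember both ids, then run unprivileged. */
int priv_init(void) {
    priv_uid = geteuid();
    user_uid = getuid();
    return seteuid(user_uid);          /* saved set-user-ID still holds priv_uid */
}

/* Raise euid only around one privileged operation, then lower it again. */
int priv_call(int (*op)(void *), void *arg) {
    if (seteuid(priv_uid) != 0) return -1;
    int rc = op(arg);
    int saved_errno = errno;
    if (seteuid(user_uid) != 0) _exit(111);   /* never continue with root euid */
    errno = saved_errno;
    return rc;
}

/* Give up root for good once no further privileged calls are needed. */
int priv_drop_forever(void) {
    if (geteuid() != priv_uid && seteuid(priv_uid) != 0) return -1;
    if (setuid(user_uid) != 0) return -1;      /* as root: sets real, effective, saved */
    /* Verify: regaining the old euid must now fail for a non-root user. */
    if (user_uid != priv_uid && seteuid(priv_uid) == 0) return -1;
    return 0;
}

/* Hypothetical stand-in for the privileged step (e.g. the ThreadCtl request). */
static int report_euid(void *out) { *(uid_t *)out = geteuid(); return 0; }

int main(void) {
    uid_t seen;
    if (priv_init() != 0) { perror("priv_init"); return 1; }
    if (priv_call(report_euid, &seen) != 0) { perror("priv_call"); return 1; }
    printf("euid inside call: %ld, outside: %ld\n", (long)seen, (long)geteuid());
    if (priv_drop_forever() != 0) { perror("priv_drop_forever"); return 1; }
    return 0;
}
```

The effective uid belongs to the whole process, so every thread runs with root's euid for the duration of `priv_call`. Until `priv_drop_forever` has run, the saved set-user-ID still lets the process return to root.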