[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Proposal] switching user and group id
|
From: |
Rory Toma |
|
Subject: |
Re: [Proposal] switching user and group id |
|
Date: |
Wed, 09 Apr 2003 21:23:56 -0000 |
Since there are so many other ways to take care of this...
-1
On Wed, 2003-04-09 at 14:10, Martin Pala wrote:
> It could be useful for some users. I don't run currently any application
> which will require it, so my vote is +0
>
> Martin
>
>
> Jan-Henrik Haukeland wrote:
>
> >I was starting a program the other day from monit. The program should
> >run as a special user but does not switch to a new uid and gid like
> >apache does. So if monit is run by root the program also runs as the
> >root user. It occured to me that switching uid (and gid) can be done
> >by monit.
> >
> >Before monit starts a program it fork of a new process in this process
> >the uid/gid could be changed before monit starts the program. (A
> >sample function for doing such a switch is provided below as an
> >example).
> >
> >
> >The START statement in the control file will need to be extended with
> >an optional part as shown here:
> >
> > check XYZ ..
> > start "/etc/init.d/xyz start" as USER nobody and GROUP nobody
> >
> >Would such a functionality be useful for others and something we
> >should implement in monit?
> >
> >
> >
> >
> >
> >/**
> > * Change the current user and group identity to the new user and
> > * group. This method does nothing unless the program is run by the
> > * super-user.
> > * @param uid A string specifying the user id the process should
> > * switch to.
> > * @param gid A string specifying the group id the process should
> > * switch to.
> > * @return TRUE on sucess otherwise FALSE
> > */
> >int change_identity(const char *user, const char *group) {
> >
> > int r=0;
> >
> >
> > if(! getuid()) {
> >
> > char buf[STRLEN];
> > struct group *g;
> > struct group gid;
> > struct passwd *u;
> > struct passwd uid;
> >
> > if(0 != (r= getpwnam_r(user, &uid, buf, STRLEN, &u)))
> > goto error;
> > if(!u)
> > goto error;
> > if(0 != (r= setuid(u->pw_uid)))
> > goto error;
> >
> > if(0!=(r=getgrnam_r(group, &gid, buf, STRLEN, &g)))
> > goto error;
> > if(!g)
> > goto error;
> > if(0 != (r= setgid(g->gr_gid)))
> > goto error;
> >
> > return TRUE;
> >
> > }
> >
> > error:
> > if(r>0)
> > log("Error looking up user id or group id -- %s\n", strerror(r));
> >
> > return FALSE;
> >
> >
> >}
> >
> >
> >
>
>
>
>
> --
> To unsubscribe:
> http://mail.nongnu.org/mailman/listinfo/monit-general
--
Rory Toma address@hidden
VP of Run Level 9 http://www.trs80.net
Digeo Digital http://www.digeo.com
signature.asc
Description: This is a digitally signed message part
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- Re: [Proposal] switching user and group id,
Rory Toma <=