[Techtalk] apache switching users to not nobody
Laurel Fan
laurel at freeshell.org
Tue Dec 11 03:54:22 EST 2001
Figured it out. Turns out that some script along the way gave up root
privileges and switched back to the real user[1]. Hacked around this
by calling setuid(0) in the setuid binary to set the real user ID to
root.
[1]. background: a process has both a real user ID and an effective
user ID (it also has a saved user ID, but we won't go into that here.)
Normally, these are the same, and correspond to the user who started
the process. When running a setuid program (ie. one that has the
setuid bit set in its file permissions), the real user ID is set to
the user who started the process, and the effective user ID is set to
the user who owns the setuid program. The process is supposed to act
like the effective user; it can open the effective user's files, etc.
--
laurel at sdf.lonestar.org SDF Public
Access UNIX System - http://sdf.lonestar.org
More information about the Techtalk
mailing list