From: David Given on
I'm trying to make a daemon drop root permissions after initialisation.
This turns out to be more complicated than I thought, particularly when
it comes to uids vs euids vs reguids etc and I'm finding it rather
difficult to find any decent online references.

Can anyone point me at a known best practice for how to do this correctly?

My requirements are: I do my initialisation as root. After
initialisation, I wish to change to be running under a known uid and
gid. I don't need to change back again later. I do need to initialise
the group list.

I'd assume naively that it was just a matter of calling initgroups(),
set[e]gid() and set[e]uid() in that order, but it seems there's more to
it than that...

--
┌─── dg@cowlark.com ───── http://www.cowlark.com ─────
│ "Blue is beautiful... blue is best...
│ I'm blue! I'm beautiful! I'm best!"
│ --- _Dougal and the Blue Cat_
From: Ersek, Laszlo on
On Tue, 27 Jul 2010, David Given wrote:

> I'm trying to make a daemon drop root permissions after initialisation.
> This turns out to be more complicated than I thought, particularly when
> it comes to uids vs euids vs reguids etc and I'm finding it rather
> difficult to find any decent online references.
>
> Can anyone point me at a known best practice for how to do this
> correctly?
>
> My requirements are: I do my initialisation as root. After
> initialisation, I wish to change to be running under a known uid and
> gid. I don't need to change back again later. I do need to initialise
> the group list.
>
> I'd assume naively that it was just a matter of calling initgroups(),
> set[e]gid() and set[e]uid() in that order, but it seems there's more to
> it than that...

I guess:

http://www.opengroup.org/onlinepubs/9699919799/functions/setreuid.html
http://www.opengroup.org/onlinepubs/9699919799/functions/setuid.html

Their rationales might prove relevant to you.

lacos
From: Yoshi on
On Jul 26, 4:10 pm, David Given <d...(a)cowlark.com> wrote:
> I'm trying to make a daemon drop root permissions after initialisation.
> This turns out to be more complicated than I thought, particularly when
> it comes to uids vs euids vs reguids etc and I'm finding it rather
> difficult to find any decent online references.
>
> Can anyone point me at a known best practice for how to do this correctly?
>
> My requirements are: I do my initialisation as root. After
> initialisation, I wish to change to be running under a known uid and
> gid. I don't need to change back again later. I do need to initialise
> the group list.
>
> I'd assume naively that it was just a matter of calling initgroups(),
> set[e]gid() and set[e]uid() in that order, but it seems there's more to
> it than that...

I think if you are doing initialization as root, setgid(),
initgroups(), then setuid() should work.
Is there anything wrong with that?
--
Yoshi
From: David Given on
On 27/07/10 09:06, Ersek, Laszlo wrote:
[...]
> http://www.opengroup.org/onlinepubs/9699919799/functions/setreuid.html
> http://www.opengroup.org/onlinepubs/9699919799/functions/setuid.html
>
> Their rationales might prove relevant to you.

Thanks, but I'd already seen those; as the rationales basically boil
down to 'it's more complicated than it appears', I'd very much rather not try
to second-guess the documentation. This code is security-related, after
all, and has to be right.

I'd have thought that this was a common enough task that there'd be
examples online available on how to do it right, but I haven't found
much yet, and those that I have found don't appear to be correct (they
don't set the groups list, for example); hence the reason I'm asking
here. Can anyone point me at a known correct example of how to do this?

--
┌─── dg@cowlark.com ───── http://www.cowlark.com ─────
│ "Blue is beautiful... blue is best...
│ I'm blue! I'm beautiful! I'm best!"
│ --- _Dougal and the Blue Cat_
From: Yoshi on
On Jul 27, 4:05 pm, David Given <d...(a)cowlark.com> wrote:
> On 27/07/10 09:06, Ersek, Laszlo wrote:
> [...]
>
> > http://www.opengroup.org/onlinepubs/9699919799/functions/setreuid.html
> > http://www.opengroup.org/onlinepubs/9699919799/functions/setuid.html
>
> > Their rationales might prove relevant to you.
>
> Thanks, but I'd already seen those; as the rationales basically boil
> down to 'it's more complicated than it appears', I'd very much rather not try
> to second-guess the documentation. This code is security-related, after
> all, and has to be right.
>
> I'd have thought that this was a common enough task that there'd be
> examples online available on how to do it right, but I haven't found
> much yet, and those that I have found don't appear to be correct (they
> don't set the groups list, for example); hence the reason I'm asking
> here. Can anyone point me at a known correct example of how to do this?
>

I see one article here, and it also has references.
www.usenix.org/publications/login/2008-06/pdfs/tsafrir.pdf
--
Yoshi
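
Added example, not written by any poster in this thread: a C sketch of the permanent drop discussed above (supplementary groups, then gid, then uid), with checks that the switch took effect and cannot be undone. The function name `drop_privileges`, the default account `nobody` and the refusal of uid 0 as a target are assumptions made for this example.

```c
#define _DEFAULT_SOURCE            /* exposes initgroups() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently switch from root to the account `user` (hypothetical helper).
 * Returns 0 on success, -1 on failure. After -1 the process may be only
 * partly switched, so the caller must exit rather than continue. */
int drop_privileges(const char *user)
{
    const struct passwd *pw = user ? getpwnam(user) : NULL;
    if (pw == NULL || pw->pw_uid == 0)      /* unknown user, or target is root */
        return -1;
    /* Copy out: later library calls may reuse the static passwd buffer. */
    uid_t uid = pw->pw_uid;
    gid_t gid = pw->pw_gid;

    /* 1. Supplementary groups: needs root, replaces root's group list. */
    if (initgroups(user, gid) != 0)
        return -1;
    /* 2. Group before user: once the uid is dropped, setgid() is refused. */
    if (setgid(gid) != 0)
        return -1;
    /* 3. Called with euid 0, setuid() sets real, effective and saved uid. */
    if (setuid(uid) != 0)
        return -1;
    /* 4. Check the resulting ids instead of trusting the return codes. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* 5. The drop must be irreversible: regaining root has to fail. */
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    const char *user = argc > 1 ? argv[1] : "nobody";   /* assumed account */
    /* Root-only initialisation (privileged ports, log files) goes here. */
    if (drop_privileges(user) != 0) {
        fprintf(stderr, "cannot drop privileges to %s\n", user);
        return EXIT_FAILURE;
    }
    printf("running as uid=%ld gid=%ld\n", (long)getuid(), (long)getgid());
    return EXIT_SUCCESS;
}
```

When started without root, `initgroups()` fails and the function returns -1, so the daemon exits instead of running with an unexpected identity.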