monit-general
Re: [Proposal] switching user and group id


From: Jani Mikkonen
Subject: Re: [Proposal] switching user and group id
Date: 10 Apr 2003 11:39:54 +0300

I have accomplished the same thing (with Tomcat and JBoss) so that I've
written a shell script that sets up a few environment variables and builds
up the needed jar paths, and calls the *real* startup script with su so
that the daemon doesn't run as root.

So it does the same thing but alas, I can see that this could be useful
for some people.

++


On Thu, 2003-04-10 at 00:10, Martin Pala wrote:
> It could be useful for some users. I don't currently run any application
> which will require it, so my vote is +0
> 
> Martin
> 
> 
> Jan-Henrik Haukeland wrote:
> 
> >I was starting a program the other day from monit. The program should
> >run as a special user but does not switch to a new uid and gid like
> >apache does. So if monit is run by root the program also runs as the
> >root user. It occurred to me that switching uid (and gid) can be done
> >by monit. 
> >
> >Before monit starts a program it forks off a new process; in this process
> >the uid/gid could be changed before monit starts the program. (A
> >sample function for doing such a switch is provided below as an
> >example). 
> >
> >
> >The START statement in the control file will need to be extended with
> >an optional part as shown here:
> >
> > check XYZ ..
> >   start "/etc/init.d/xyz start" as USER nobody and GROUP nobody
> >
> >Would such a functionality be useful for others and something we
> >should implement in monit?
> >
> >
> >
> >
> >
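> >#include <errno.h>
> >#include <grp.h>
> >#include <pwd.h>
> >#include <string.h>
> >#include <sys/types.h>
> >#include <unistd.h>
> >
> >/* STRLEN, TRUE, FALSE and log() are assumed to be defined by monit's
> >   own headers */
> >
> >/**
> > * Change the current user and group identity to the new user and
> > * group.  This method does nothing unless the program is run by the
> > * super-user.
> > * @param user A string specifying the user name the process should
> > * switch to.
> > * @param group A string specifying the group name the process should
> > * switch to.
> > * @return TRUE on success otherwise FALSE
> > */
> >int change_identity(const char *user, const char *group) {
> >
> >  int r=0;
> >
> >
> >  if(! getuid()) {
> >
> >    char buf[STRLEN];
> >    struct group *g;
> >    struct group gid;
> >    struct passwd *u;
> >    struct passwd uid;
> >    
> >    /* Look up both names first, while still root */
> >    if(0 != (r= getpwnam_r(user, &uid, buf, STRLEN, &u)))
> >     goto error;
> >    if(!u)
> >     goto error;
> >    if(0!=(r=getgrnam_r(group, &gid, buf, STRLEN, &g)))
> >     goto error;
> >    if(!g)
> >     goto error;
> >
> >    /* Drop root's supplementary groups, then change the group and
> >       only then the user: once setuid() has given up root, neither
> >       setgroups() nor setgid() is permitted any more */
> >    if(0 != setgroups(1, &g->gr_gid)) {
> >     r= errno;
> >     goto error;
> >    }
> >    if(0 != setgid(g->gr_gid)) {
> >     r= errno;
> >     goto error;
> >    }
> >    /* setuid() returns -1 and sets errno on failure */
> >    if(0 != setuid(u->pw_uid)) {
> >     r= errno;
> >     goto error;
> >    }
> >
> >    return TRUE;
> >    
> >  }
> >
> >  error:
> >  if(r>0)
> >      log("Error looking up or switching user id or group id -- %s\n",
> >          strerror(r));
> >  
> >  return FALSE;
> >  
> >
> >}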

-- 
Jani Mikkonen <jani dot mikkonen at jippiigroup dot com>
ADVOGATE Profile: http://www.advogato.org/person/rasjani
Public key available from www.keyserver.net - ProPrivacy!

Attachment: signature.asc
Description: This is a digitally signed message part
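
Added example (not from the thread and not monit's code): a permanent privilege drop for the forked child, taking numeric ids. It clears supplementary groups, changes the group before the user, and then verifies that root cannot be regained; the name `drop_privileges` and the refusal of uid 0 are choices of this example.

```c
#define _DEFAULT_SOURCE   /* exposes setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Permanently switch the calling process to uid/gid.
 * Returns 0 on success, -1 on failure. Meant to be called in the
 * forked child just before exec; on -1 the child should _exit().
 */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0)
        return -1;          /* not a drop; refused (choice of this example) */

    if (geteuid() == 0) {
        /* 1. Supplementary groups: otherwise root's list is inherited. */
        if (setgroups(1, &gid) != 0)
            return -1;
        /* 2. Group next, while the process may still change it. */
        if (setgid(gid) != 0)
            return -1;
        /* 3. User last: this gives up the right to change ids at all. */
        if (setuid(uid) != 0)
            return -1;
    } else if (getuid() != uid || getgid() != gid) {
        return -1;          /* an unprivileged caller cannot switch */
    }

    /* Verify the result instead of trusting return codes alone. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    if (setuid(0) == 0)     /* must fail if the drop is permanent */
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed demo: request the ids the process already has. */
    printf("drop_privileges -> %d\n", drop_privileges(getuid(), getgid()));
    return 0;
}
```
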