setuid

How to use setuid() from root to become user, with the possibility of becoming root again later?

Hello all, I'm trying to do the safe thing, and have a program that needs to run as root to drop its privileges when it doesn't need them. This works well if I chmod my binary with the SUID bit, and make it belong to root, as now I have UID = some user, and EUID = root, so I can use seteuid(0) and seteuid(getuid()) to respectively rais...

How do I claim a low-numbered port as non-root the "right way"

I have a script that I want to run as a daemon listening on a low-numbered port (< 1024). Script is in Python, though answers in Perl are also acceptable. The script is being daemonized using start-stop-daemon in a startup script, which may complicate the answer. What I really (think) don't want is to type ps -few and see this process r...

Get calling user ID in PHP setuid script

I have a PHP script on Linux in which the sticky bit is set, so it gets executed as the file owner. How can I get the user id of the calling process, for authorization purposes? Context: I have two applications on a server, and want one to request some info from the other. For this reason the other offers a script with setuid, but I wan...

Passwordless SSH using cgi-perl script

Hello, This is my first shot at trying out cgi-perl scripts. I have SSH keys set up between my (root user) local machine and a remote machine. I'm trying to run a command on the remote box and display the output on a webpage hosted from my local machine. The script runs fine from the command line; however, it throws an SSH key error when called...

Automated testing of privileged operations

How do you unit/integration test code that requires a different privilege level than exists in your continuous integration environment? In my non-root, CCRB-driven build environment, I've got some utility functions that assume privileges that don't hold in my automated build environment: either root privileges or special accounts and g...

setting up the environment when changing to another user

I have a bash backup script run as root (cron) that delegates certain tasks to other specific bash scripts owned by different users. (simplified example, principle is, some things have to be done as root, different tasks are delegated to users with the appropriate environment (oracle, amazon, ...) mkdir -p /tmp/backup$NAME su - oracle -...

sgid bit security

I work in a shared web development environment. My team frequently creates new files and folders on the server, but they always need to change group permissions afterward. For default permissions on new files, I set umask 002 in the bashrc. BUT for default permissions on new directories: $ sudo chmod g+s /var/www New directories withi...

Dropping process rights under Windows

Hello, I'm looking for a method to drop process rights for security reasons. I want to start as a user with privileges and end as a limited user. For example, I want my web server to run under a restricted user, but I still want to listen on port 80. How can I do such things under Windows? Something similar to Unix's: bind_to_80(); chroot("/s...