I am thinking about the design of an iPhone app I'd like to create. One possible problem is that this application will have to run as root (to access certain network ports). In a typical UNIX app, I'd just get the app to run with setuid, but I'm wondering if that is possible with an iPhone app. I've read this question in Apple's forum...
Can anyone point to some code that deals with the security of files access via a path specified (in part) by an environment variable, specifically for Unix and its variants, but Windows solutions are also of interest? This is a big long question - I'm not sure how well it fits the SO paradigm. Consider this scenario: Background: Sof...
I am building a small system administration web application (think Web-Min, but in RoR) and I need to be able to access system parameters from my Ruby code. For instance, I want to allow the user to change the hostname, time zone, or network config of the server. My current thoughts are to have a separate setuid script (Perl, Ruby, ?...
I need to run a bash script as root (passwordless sudo or su not viable) and since you cannot setuid a script in Linux, I thought about calling it from an executable and making it setuid: $ cat wrapper.c int main(void) { system("/bin/bash ./should_run_as_root.sh"); } $ gcc -o wrapper wrapper.c $ sudo chown root wrapper $ sudo ch...
I'm using Perl's Archive::Tar module. It preserves the file permissions but doesn't preserve the sticky bit. At the other end where I extract the archive, all the sticky bits are gone. I think UNIX/LINUX operating system stores these sticky bits somewhere else. How can I make my archive preserve sticky bits also? Using the -p switch to ...
As the title says, does any Unix-like system ascribe a meaning to the SUID bit on a directory, and if so, what does it mean? The SVTX (saved text, or sticky) bit has a meaning - thou shalt not delete a file from this directory unless you can write to the file. It is used on /tmp, for example. The SGID (set GID) bit has a meaning - fil...
What's the canonical way to have an upstart job change its userid and run the script as an unprivileged user? Obviously one can use su or sudo, but this seems hacky (and can generate needless log lines). ...
On OS X privileged operations are done through AuthorizationExecuteWithPrivileges() around which Apple published two recommendations: The old MoreAuth using setuid helper tools. The current BetterAuthorizationSample littering the system with launchd files. I don't know any applications using the latter... ...
I had to do a dirty Linux hack for somebody so they could start a printer with the cupsenable printername shell command while being a non-root user. I didn't want them to be able to use the entirety of the cupsenable syntax as root, so I just wrote a C wrapper that sanitizes the input in argv[1] and calls system("cupsenable sanitizedprin...
Is there a way to change UID/GID only of one thread in a multithreaded process? The reason for this is writing a file-serving application - the ACL's and quota are not enforced unless the uid/gid of the caller is set to the correct user, new files/directories are not created with correct uid/gid etc. The network applications can usual...
Consider this scenario in which an executable A.bin uses libY.so and libZ.so. A.c, Y.c and Z.c are all written in C. Z.c and Y.c are compiled into respective .so files. This is the directory structure of the files $home/bin/A.bin $home/lib/libY.so $home/lib/libZ.so When I run A.bin as normal user, A.bin runs normally as expected. Note...
I have a git repository that needs to run a post-receive hook as sudo. The binary that I compiled to test this looks like: #include <stdlib.h> #include <unistd.h> #include <stdio.h> int main() { int ret; ret = setuid(geteuid()); if(!ret) { fprintf(stderr, "error setting uid %d \n", ret); } system("[...comma...
Is there a simple way to see the real,effective and saved UID and GID for a running process? ...
The linux 'id' command reports on groups= that process belongs to. When and how does this get filled in? I'm writing an suid/sgid program and it seems that the groups never get filled in for my process and perhaps just coincidentially, but the permissions inregards to an nfs mounted file system don't work correctly for it either (by th...
I'm writing a program in C that binds to a port < 1024. I'd like it to run at non-root privileges thereafter. I know I need to call setuid(), but with what argument? UID's vary from system to system. ...
I am running valgrind as follows:- /usr/local/bin/valgrind "process_name" After excecution its giving me following error ==21731== ==21731== Warning: Can't execute setuid/setgid executable: ==21731== Possible workaround: remove --trace-children=yes, if in effect ==21731== valgrind: "process name": Permission denied My valgrind per...
I've got a long running, daemonized Python process that uses subprocess to spawn new child processes when certain events occur. The long running process is started by a user with super user privileges. I need the child processes it spawns to run as a different user (e.g., "nobody") while retaining the super user privileges for the parent...
On the 2.6.28-11 Linux kernel, I am using setpriority to bias the amount of cpu time different user processes receive. User 1 is to receive double the CPU power of user 2. Using Linux's setpriority, I have assigned user 2 a lower priority (higher in terms of nice values). When I run the exact same program via the shell with the computer ...
Hello, I'm trying to set up a git post-receive hook such that when a commit is received, another clone of the repository on the machine gets updated (i.e. does a git pull origin master). I'm using gitosis to serve the repository and as such I believe a post-receive hook will be run as the gitosis user, whereas the repository I want to u...
Hi there, I'm trying to check if a file has the setuid bit in Python. The stat doc mentions a S_ISUID function but it only works with os.chmod(), not to actually read the setuid bit. It also lists S_IMODE, but I have no idea how to interpret it. How can I easily check if a file as the setuid root bit set? ...