Here is a Python script I wrote to change user IDs for daemons:

#####

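#!/usr/bin/env python3
import os
import pwd
from sys import argv

def c_uid(u):
        # Accept a numeric uid or a user name; either way look up the
        # passwd entry so the user's primary group is known as well.
        try:
                pw = pwd.getpwuid(int(u))
        except ValueError:
                pw = pwd.getpwnam(u)
        # Drop supplementary groups and the gid before the uid: once
        # setuid() succeeds the process can no longer change them.
        os.setgroups([])
        os.setgid(pw.pw_gid)
        os.setuid(pw.pw_uid)

def c_dir(path, chroot=0):
        # Change into the directory, and optionally chroot into it.
        os.chdir(path)
        if chroot != 0:
                os.chroot(path)

if __name__ == "__main__":
        if len(argv) < 4:
                print("Usage: %s user directory command" % (argv[0]))
        else:
                # Run as root: change directory first, then drop privileges.
                c_dir(argv[2])
                c_uid(argv[1])
                pid = os.spawnvpe(os.P_NOWAIT, argv[3], argv[3:], os.environ)
                print("%s running with pid: %s" % (argv[3], pid))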


###

setuid(), chdir() and chroot() in the system should help too (for C)


peace,
charles


On Tue, Feb 11, 2003 at 01:31:49PM -1000, Brian Chee wrote:
> Actually I second that motion.....my wish is a way to start a program during
> boot (daemon) but run as a dedicated user (kinda like nobody) so that I can
> limit possible damage.  chroot comes to mind, but how do I get the program
> as a different user?
> 
> /brian chee
> 
> University of Hawaii ICS Dept
> Advanced Network Computing Lab
> 1680 East West Road, POST rm 311
> Honolulu, HI  96822
> 808-956-5797 voice, 808-956-5175 fax
> 
> ----- Original Message -----
> From: <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, February 11, 2003 1:13 PM
> Subject: [luau] daemons running as root
> 
> 
> > How does one get daemons to run as a user other than root?
> >
> > I tried using:
> >
> > su <username> -c <invoke daemon>
> >
> > but it doesn't seem to work. Are the daemons supposed to change their own
> privilege level?
> >
> > One problem is that the system I'm actually trying to fix is running IRIX,
> not linux. But there's usually enough common ground that I can figure out
> what will work on one from finding out what works on the other. Maybe not in
> this case.
> >
> > Dazed Dave
> > _______________________________________________
> > LUAU mailing list
> > [EMAIL PROTECTED]
> > http://videl.ics.hawaii.edu/mailman/listinfo/luau
> 
> _______________________________________________
> LUAU mailing list
> [EMAIL PROTECTED]
> http://videl.ics.hawaii.edu/mailman/listinfo/luau
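
The C calls named in the reply above (setuid(), chdir(), chroot()), put together in the order a launcher started as root has to use them. This is an added example, not code from the thread; the function name `drop_privileges`, the `ERR_*` codes and the choice to chroot into the given directory are assumptions of this example.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

/* Negative return codes name the step that failed (names are this example's own). */
enum { ERR_USER = -1, ERR_CHROOT = -2, ERR_GROUPS = -3,
       ERR_GID = -4, ERR_UID = -5, ERR_REGAIN = -6 };

/* Permanently switch to `user`; if `jail` is non-NULL, chroot() into it first. */
int drop_privileges(const char *user, const char *jail)
{
    /* Resolve the account before chroot(): the jail may not contain /etc/passwd. */
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return ERR_USER;
    uid_t uid = pw->pw_uid;
    gid_t gid = pw->pw_gid;
    /* chroot() needs root, and chdir("/") keeps the cwd inside the jail. */
    if (jail != NULL && (chroot(jail) != 0 || chdir("/") != 0))
        return ERR_CHROOT;
    /* Groups first, uid last: after setuid() these calls are no longer permitted. */
    if (setgroups(0, NULL) != 0)
        return ERR_GROUPS;
    if (setgid(gid) != 0)
        return ERR_GID;
    if (setuid(uid) != 0)
        return ERR_UID;
    /* If root can be regained, the drop was not permanent. */
    if (uid != 0 && setuid(0) == 0)
        return ERR_REGAIN;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc < 4) {
        fprintf(stderr, "usage: %s user directory command [args...]\n", argv[0]);
        return 2;
    }
    int rc = drop_privileges(argv[1], argv[2]);
    if (rc != 0) {
        fprintf(stderr, "privilege drop failed (code %d)\n", rc);
        return 1;
    }
    execvp(argv[3], &argv[3]);   /* only returns on failure */
    perror("execvp");
    return 1;
}
```

Because the process is already inside the chroot when execvp() runs, the command and any libraries it needs must exist under the given directory.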
