Johannes Hofmann wrote: > Yes, the latter. In a program I want to exec another binary with > limited privileges.
The traditional UNIX way is to exec that other binary as an unprivileged user, e.g. "nobody". The problem is that you must be root to call setuid() in the first place. You can use sudo(8) or super(1) for that purpose. Of course the problem could be solved in a much better way with mandatory access control (MAC), which requires appropriate support from the OS. Best regards Oliver -- Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd