On Sun, 10 Feb 2008, j.chitte wrote:
>> make the program setuid root
>>
>> chown root adc_logger
>> chmod 755 adc_logger
>> chmod +s adc_logger
>>
>
> Thanks, I'd sussed I could use chmod 4755 ;) , I was just wondering
> if that was a reasonable route. Sounds like you're confirming that.
>
>> (I can never remember how to set the permissions in one go)
>>
>> Then it will be able to do the business - even as "nobody" running from
>> apache.
>>
>>> This is all as it should be but I would like some suggestions on a
>>> safe way to get this scenario to work.
>>
>> make sure your program can do nothing dangerous, or drop the root euid
>> after you've done everything you need as root.
>>
>
> "drop the root euid", what command should I refer to to do that?
Ah I knew you'd ask that, and my grey cells are failing.
One of seteuid(), setresuid(), or setuid(), after of course having done
a suitable get*uid to get your real uid.
From one of my programs dated 1996:

    /* get this process's uid, gid and euid..... */
    uid=getuid(); euid=geteuid(); gid=getgid();
    if (seteuid(euid)) exit(errno);
    /* do stuff needing root */
    if (seteuid(uid)) exit(errno); /* turn off the setuid */

etc

> Once I have requested the IO memory, do I still need to have root
> access to read adc channels as in your original adc_logger?
>
> That's the only process that will remain running more than one
> second. The other IO is pretty short lived and terminates straight
> away.
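Added example, not part of the original messages or of adc_logger: seteuid() changes only the effective uid and leaves the saved set-user-ID at 0, so a setuid-root process can switch back to root later. The sketch below drops root permanently with setuid() while still privileged and then verifies that root cannot be regained. The helper name drop_privileges and the placeholder for the privileged setup are assumptions.

```c
/* Added example: permanent privilege drop for a setuid-root helper. */
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: returns 0 only once root is no longer reachable. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Only root may change supplementary groups; reduce them to gid first. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    /* Group before user: after setuid() the privilege to change it is gone. */
    if (setgid(gid) != 0)
        return -1;
    /* With euid 0, setuid() sets real, effective and saved uid together. */
    if (setuid(uid) != 0)
        return -1;

    /* Verify the result instead of trusting the return codes alone. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* If the saved uid were still 0, one of these calls would succeed. */
    if (uid != 0 && (seteuid(0) == 0 || setuid(0) == 0))
        return -1;
    return 0;
}

int main(void)
{
    /* ... privileged setup goes here (placeholder, e.g. mapping the I/O) ... */
    if (drop_privileges(getuid(), getgid()) != 0) {
        fprintf(stderr, "privilege drop failed\n");
        return EXIT_FAILURE;   /* never continue with root still reachable */
    }
    printf("running as uid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    return EXIT_SUCCESS;
}
```

Run from a 4755 root-owned binary, getuid() is the invoking user (for example "nobody" under apache), so the process ends up with that user's ids only.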