[Nottingham] suid / sgid file params puzzle ... or a bug?

Martin martin at ml1.co.uk
Sat May 29 17:05:07 BST 2004


Mark O'Shea wrote:
> See below for comments.
> 
> On Sat, 29 May 2004, Martin wrote:
[...]
>>>I'm trying to use the set user id and set group id bits, but this
>>>doesn't work as I expected...
[...]
> Using su on the other hand changes your real uid or gid, so anything
> executed after that will inherit the real u/gid that you requested.
> 
> So it's not a bug but a security feature.  What I would probably do is
> look at why this bash script is running as root in the first place, as if
> it was found that it is necessary then use su to change your ruid to that
> of the unprivileged user to run it.


Thanks for the good explanation.

The script is run from localrc at startup and hence is root at that 
point. The "su" is obviously needed here.

I'm just starting a few background tasks that soak up the CPU idle time 
and hopefully do some useful science rather than just idling.

Regards,
Martin

-- 
----------------
Martin Lomas
martin at ml1.co.uk
----------------


