Re: setuid(root)


From: Russell Marks (russell.marks@dtn.ntl.com)
Date: Wed 15 Mar 2000 - 15:16:16 IST


> I am trying to use setuid() to avoid having to run my svgalib program as root. In my simple minded way, I logged on as root, did an id; and saw that my uid was 0 (number 0). In the main program, I included #include <unistd.h>, and then the command setuid(0); When I ran the program as a mere mortal, "insuficient IO priviledges" error occurred again.
> 
> What am I missing?  Thanks in advance.

The Enter key. :-) You may want to turn on word-wrapping in your
mailer or something.

As for your question, the problem is that setuid() only lets you lose
privileges, not gain them. So forget about using that. Instead, what
you want to do is something like this, for an svgalib program `foo':

chown root:root foo
chmod 4511 foo

You need to be root for both these commands.

This makes your program `setuid root', meaning that ANYBODY who runs
it becomes root until after vga_init(). This should scare the hell out
of you if you care about security, so you should try to have as little
code before vga_init() as possible (preferably none at all, if
possible).

You could also restrict it to one user by putting it in a dir with
e.g. 700 permissions (in other words, rwx------) so only the owner of
that dir can run it. Or, you could restrict it to one group of users
by, say:

chown root:svgalib foo
chmod 4510 foo

You'll need to add the `svgalib' group before doing this, though, and
add any users you want to be able to run it to that group.

For more on the magical mystery world of permissions :-), try:

	info '(fileutils)Mode Structure'

(Which, BTW, wins my special award for Most Inappropriately Terse and
Obfuscatory Node Name in a Texinfo File. Ghod forbid they should have
called it, say, "How Permissions Work".)

-Rus.

PS. I won't say FAQ if you won't. ;-)
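
Added example (not part of the message above, and not svgalib code): a setuid-root program that keeps the privileged window as short as the message recommends, then uses setuid() for the one thing it can do, giving privileges up, and checks that they are really gone. privileged_init() is a hypothetical stand-in for vga_init().

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical stand-in for vga_init(): the only step that needs root. */
static int privileged_init(void)
{
    return 0; /* e.g. acquire I/O port access here */
}

/* Permanently give up setuid/setgid privileges and verify it.
 * Returns 0 on success, -1 if any privilege could still be in effect. */
int drop_privileges(void)
{
    uid_t ruid = getuid();   /* the user who actually ran the program */
    gid_t rgid = getgid();

    /* Group first: once the uid is dropped we may no longer change gid. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;

    /* When euid is 0, setuid() sets real, effective and saved ids, so
     * a non-root caller must now be unable to get root back. */
    if (ruid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;

    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

int main(void)
{
    /* Nothing before this point: no argv parsing, no file access. */
    if (privileged_init() != 0 || drop_privileges() != 0) {
        fprintf(stderr, "refusing to continue with privileges\n");
        return EXIT_FAILURE;
    }
    printf("running as uid %d, euid %d\n", (int)getuid(), (int)geteuid());
    return EXIT_SUCCESS;
}
```

Installed with the chown/chmod commands from the message, this should report the invoking user's uid for both values; run without the setuid bit it behaves the same, since the drop is then a no-op.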

