[pve-devel] [RFC pve-common] Add user to run_command
Dietmar Maurer
dietmar at proxmox.com
Wed May 18 18:11:53 CEST 2016
> I discuss with Wolfgang and we will change some things.
> Set Home Dir.
> Check if setuid and setguid worked.
> Check User.
>
> So I will send a patch V2.
>
> We can set the ID back on the end of the function.
> I think this make sense.
But it is not trivial. Please read:
# man setuid
If the user is root or the program is set-user-ID-root, special care must be
taken. The setuid() function
checks the effective user ID of the caller and if it is the superuser,
all process-related user ID's are set to
uid. After this has occurred, it is impossible for the program to regain
root privileges.
Thus, a set-user-ID-root program wishing to temporarily drop root
privileges, assume the identity of an unpriv‐
ileged user, and then regain root privileges afterward cannot use
setuid(). You can accomplish this with
seteuid(2).
More information about the pve-devel
mailing list