[pve-devel] [RFC pve-common] Add user to run_command

Dietmar Maurer dietmar at proxmox.com
Wed May 18 18:11:53 CEST 2016


> I discussed with Wolfgang and we will change some things.
> Set Home Dir.
> Check if setuid and setgid worked.
> Check User.
> 
> So I will send a patch V2.
> 
> We can set the ID back at the end of the function.
> I think this makes sense.

But it is not trivial. Please read:

# man setuid

       If the user is root or the program is set-user-ID-root, special care
       must be taken. The setuid() function checks the effective user ID of
       the caller and if it is the superuser, all process-related user ID's
       are set to uid. After this has occurred, it is impossible for the
       program to regain root privileges.

       Thus, a set-user-ID-root program wishing to temporarily drop root
       privileges, assume the identity of an unprivileged user, and then
       regain root privileges afterward cannot use setuid(). You can
       accomplish this with seteuid(2).
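
An added example, not part of the original message and not pve-common code: the temporary drop the man page describes, done with seteuid()/setegid(), with the result checked and the previous identity restored at the end. The names run_as and record_euid and the uid/gid 65534 are assumptions made for illustration.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

typedef int (*task_fn)(void *arg);   /* task must return >= 0 */

/* Hypothetical helper: run fn(arg) with the effective uid/gid switched to
 * uid/gid, then switch back. Returns fn's result, -1 if the drop failed
 * (fn is not run), -2 if the original identity could not be restored.
 * Real and saved UIDs stay unchanged, so code running inside the window can
 * call seteuid() back itself; supplementary groups are not touched either. */
int run_as(uid_t uid, gid_t gid, task_fn fn, void *arg)
{
    uid_t old_euid = geteuid();
    gid_t old_egid = getegid();
    int rc = -1;

    /* Group first: after the euid is unprivileged, setegid() is refused. */
    if (setegid(gid) != 0)
        return -1;
    if (seteuid(uid) != 0)
        return setegid(old_egid) == 0 ? -1 : -2;

    /* Check the result instead of trusting the return codes alone. */
    if (geteuid() == uid && getegid() == gid)
        rc = fn(arg);

    /* Restore in reverse order: the uid first, which permits the gid change. */
    if (seteuid(old_euid) != 0 || setegid(old_egid) != 0)
        return -2;
    if (geteuid() != old_euid || getegid() != old_egid)
        return -2;
    return rc;
}

/* Sample task: record which effective uid it ran under. */
int record_euid(void *arg)
{
    *(uid_t *)arg = geteuid();
    return 0;
}

int main(void)
{
    /* 65534 ("nobody" on many systems) is an assumed target when run as root. */
    uid_t uid = geteuid() == 0 ? 65534 : getuid();
    gid_t gid = geteuid() == 0 ? 65534 : getgid();
    uid_t seen = (uid_t)-1;
    int rc = run_as(uid, gid, record_euid, &seen);
    printf("rc=%d ran as euid=%ld, now euid=%ld\n", rc, (long)seen, (long)geteuid());
    return rc == 0 ? 0 : 1;
}
```

Because the real and saved UIDs remain root during the window, this pattern only suits code the caller trusts; a command started in a forked child is isolated only by a permanent drop in that child.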