[pve-devel] [RFC pve-common] Add user to run_command
Wolfgang Link
w.link at proxmox.com
Wed May 18 18:21:20 CEST 2016
Maybe we can fork and set the ID.
> Dietmar Maurer <dietmar at proxmox.com> wrote on May 18, 2016 at 18:11:
>
>
> > I discussed with Wolfgang and we will change some things.
> > Set Home Dir.
> > Check if setuid and setgid worked.
> > Check User.
> >
> > So I will send a patch V2.
> >
> > We can set the ID back at the end of the function.
> > I think this makes sense.
>
> But it is not trivial. Please read:
>
> # man setuid
>
> If the user is root or the program is set-user-ID-root, special care
> must be taken. The setuid() function checks the effective user ID of
> the caller and if it is the superuser, all process-related user ID's
> are set to uid. After this has occurred, it is impossible for the
> program to regain root privileges.
>
> Thus, a set-user-ID-root program wishing to temporarily drop root
> privileges, assume the identity of an unprivileged user, and then
> regain root privileges afterward cannot use setuid(). You can
> accomplish this with seteuid(2).
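
The fork-then-set-ID approach with the checks listed in this thread (set HOME, verify that setgid/setuid worked, verify the resulting user), as an added C example that is not part of the original mails or of pve-common. The names `run_as_user` and `sample_cmd`, the exit codes, and the 65534 IDs are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: run cmd() as uid/gid in a forked child, so the parent
 * keeps its own IDs. Returns 0/1 from cmd, 120-124 if the drop failed, -1 on error. */
int run_as_user(uid_t uid, gid_t gid, const char *home, int (*cmd)(void))
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Order matters: supplementary groups and gid first, uid last. */
        if (geteuid() == 0 && uid != 0 && setgroups(0, NULL) != 0)
            _exit(120);
        if (setgid(gid) != 0 || setuid(uid) != 0)
            _exit(121);
        /* Verify the resulting identity instead of trusting return codes alone. */
        if (getuid() != uid || geteuid() != uid || getegid() != gid)
            _exit(122);
        if (uid != 0 && setuid(0) == 0)   /* regaining root must not work */
            _exit(123);
        if (setenv("HOME", home, 1) != 0)
            _exit(124);
        _exit(cmd() == 0 ? 0 : 1);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Constructed sample command: succeeds if real and effective uid agree and HOME is set. */
int sample_cmd(void)
{
    return (getuid() == geteuid() && getenv("HOME") != NULL) ? 0 : 1;
}

int main(void)
{
    /* Constructed input: 65534 is commonly "nobody"; the drop needs root to succeed. */
    int rc = run_as_user(65534, 65534, "/nonexistent", sample_cmd);
    printf("child status %d, parent still uid=%d\n", rc, (int)getuid());
    return 0;
}
```

Because the permanent setuid() happens only in the child, the parent never has to set the ID back.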