
Why do many servers change their uid and gid? What's the benefit?

I see such logic in many open source projects:

    if (setuid() == 0) {
        if (setgid(ccf->group) == -1) {
        ...
        if (initgroups(ccf->username, ccf->group) == -1) {

I have 2 questions on this:

  1. What's the benefit of changing to another gid and uid?
  2. And what's initgroups for? IMO, to change gid and uid, setuid() and setgid() will be enough.

Most of the time, system daemons are spawned by init scripts and therefore run as root. Calling setuid() and setgid() allows them to drop their superuser privileges and impersonate another user on the system (generally far less powerful than root). That way, bugs and security holes become less lethal to the system.

Concerning the second part of your question, initgroups() is called to reinitialize the group access list and add ccf->group to the list of groups that ccf->username belongs to. That's probably done because calling setgid() is not sufficient for the access rights associated with the new group to be propagated to the process.

Generally, you need administrative permission to listen on ports 1023 and below. (There are other reasons to start as administrator, but that's the big one.) But here's the thing: You can start as administrator, bind the socket, then drop down to be a user.

Now, why would you want to be a user? Well, if you run with the smallest amount of permissions possible, and your program is compromised, then the damage will be contained.

On some OS setgid() toasts the supplementary groups. Calling initgroups() before setgid() is thus ineffective.
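
The drop sequence discussed in this thread, as an added example that is not part of the original posts: it follows the order in the question's snippet (setgid(), then initgroups(), then setuid()) and then verifies that root cannot be regained. The helper name `drop_privileges` and the default account `nobody` are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1  /* exposes initgroups()/seteuid() on glibc */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper. Returns 0 = dropped, 1 = not root (nothing to drop),
 * -1 = failure: the caller should exit instead of serving as root. */
int drop_privileges(const char *username)
{
    struct passwd *pw = getpwnam(username);
    if (pw == NULL) {
        fprintf(stderr, "unknown user: %s\n", username);
        return -1;
    }
    uid_t uid = pw->pw_uid;
    gid_t gid = pw->pw_gid;
    if (geteuid() != 0)
        return 1;

    /* Group changes need root, so both come before setuid(). */
    if (setgid(gid) == -1) { perror("setgid"); return -1; }
    /* Replace root's supplementary groups with the target user's list. */
    if (initgroups(username, gid) == -1) { perror("initgroups"); return -1; }
    /* Called as root, setuid() sets the real, effective and saved UID. */
    if (setuid(uid) == -1) { perror("setuid"); return -1; }

    /* Verify: root must not be recoverable and the IDs must match. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0)) {
        fprintf(stderr, "root privileges can be regained\n");
        return -1;
    }
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    /* "nobody" is an assumed default account name. */
    int rc = drop_privileges(argc > 1 ? argv[1] : "nobody");
    if (rc < 0)
        return 1;
    printf("%s: uid=%d gid=%d\n", rc ? "not root" : "dropped", (int)getuid(), (int)getgid());
    return 0;
}
```

A server would call this after binding its privileged port and before handling any client input.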
