how to revert back to the effective uid?


Post by Keith Bas » Sat, 19 Dec 1992 10:47:37

        I'm having similar problems with the BBS and setuid problem. What
 I have done so far is to like the BBS run setuid as a user's shell.  With
 this setup users can drop to shell and use their real uids.  But when
 they exit shell, the effective uid stays the same as the real UID and the
 user then can't write to the BBS files or post messages because these
 functions require the BBS's uid to work properly.

        My question: Is there a way to revert back to the original SUID
        status when the program was first run?!

 I need the BBS's functionality for ease of use and access control (more
 levels)... the help system is nice also.. Are there any programs that
 give these features and the power of unix as well?
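
Added example, not part of the original post: a set-uid program can switch its effective uid to the caller and back through the saved set-user-ID, and a shell escape can drop privileges in the child only, so the parent has nothing to revert. It assumes a system with POSIX saved set-user-IDs and seteuid(); the function names and the /bin/sh path are illustrative assumptions.

```c
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static uid_t owner_uid;   /* effective uid at startup: the set-uid owner (e.g. the BBS account) */
static uid_t caller_uid;  /* real uid: the user who started the program */

/* Call once at startup, before any uid switching. */
void ids_init(void) { owner_uid = geteuid(); caller_uid = getuid(); }

/* Temporarily act as the caller. The saved set-user-ID still holds owner_uid. */
int act_as_caller(void) {
    if (seteuid(caller_uid) != 0) return -1;
    return geteuid() == caller_uid ? 0 : -1;
}

/* Switch back: allowed because owner_uid is the saved set-user-ID. */
int act_as_owner(void) {
    if (seteuid(owner_uid) != 0) return -1;
    return geteuid() == owner_uid ? 0 : -1;
}

/* Run a command as the caller in a child process. The parent never changes
   its own ids. Returns the child's exit status, or -1 on failure. */
int run_as_caller(const char *path, char *const argv[]) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* Drop in the child only. exec of a non-set-uid file copies the
           effective uid into the saved set-user-ID, so the new program
           cannot switch back to owner_uid. */
        if (seteuid(caller_uid) != 0 || geteuid() != caller_uid) _exit(126);
        execv(path, argv);
        _exit(127);  /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    char *const sh[] = { "sh", NULL };
    ids_init();
    if (run_as_caller("/bin/sh", sh) < 0) return 1;  /* the "drop to shell" step */
    return geteuid() == owner_uid ? 0 : 1;           /* still the owner afterwards */
}
```

The example covers user ids only; a program that is also set-gid would handle the group ids the same way, switching the group before the user when dropping.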


1. UID / effective UID problem


Consider a user U, program A which is set-uid A, and program B which is set-uid B.
U, A, and B are all simple mortals. No root-privilege.

Now, U calls A. As part of its job, A fork/execs B. U should not need to
know that B is involved.

So we have

            real UID       effective UID   saved-set-UID
U's shell       U               U               U

program A       U               A               A

program B       U               B               B

A 'knows' its user U calling, and can check his credentials in, say, A.allow.
I want B to be able to authorize A using its B.allow. But it can't! It can't
tell that it's being called by A.
It does know the original caller was U, but in my situation that's irrelevant.

So, I studied Stevens' 'Advanced Programming in the Unix Environment', section
8.10. to find out that BSD has a setreuid(), which can swap the real and
effective uid.
All other calls don't seem to help in this particular problem.

Now it looks like this:

            real UID       effective UID   saved-set-UID
U's shell       U               U               U

program A       U               A               A
  setreuid(..)  A               U               A

program B       A               B               B

That's exactly what I want! B can now check whether A has the right to call B.
U is no longer visible!

Great. But *sigh*, it's not in XPG4, which is our portability goal.

So here's the question:
How can B tell it's A calling, using stuff available in X/Open XPG4?

Any hints are very much appreciated!


Ideta, 6 Frankemaheerd, 1102 AN Amsterdam, the Netherlands
My opinions are my own, not necessarily my boss's.
                                          Everything's relative - absolutely.
