Drop daemon privileges
Brilliantov Kirill Vladimirovich
brilliantov at byterg.ru
Tue Nov 22 07:51:48 UTC 2011
Hello!
I use busybox-1.18.4 and I am trying to run a daemon at system start with
minimal privileges.
Below is my code:
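#include <stdint.h>
#include <sys/types.h>
#include <pwd.h>
#include <syslog.h>
#include <unistd.h>

/* Log at LOG_ERR; %m appends strerror(errno) to every message */
#define ERROR(fmt, args...) syslog(LOG_ERR, fmt ": %m", ##args)

/* Switch the process to the gid and uid of the named user */
int8_t drop_root(const char *user)
{
    ERROR("Run %s, user %s", __func__, user);
    struct passwd *pwd = NULL;
    /* Look up the target account in the passwd database */
    if (NULL == (pwd = getpwnam(user)))
        return -1;
    ERROR("After getpwnam, uid = %d, gid = %d", pwd->pw_uid, pwd->pw_gid);
    /* Change the group first, while still root */
    if (setgid(pwd->pw_gid)) {
        //ERROR("After setGID");
        return -1;
    }
    ERROR("After setGID");
    /* Then change the user */
    if (setuid(pwd->pw_uid)) {
        //ERROR("After setUID");
        return -1;
    }
    ERROR("After setUID");
    return 0;
}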
/etc/init.d/monitor.sh:
PID=/var/run/monitd.pid
DAEMON=monitd
CONFIG=/etc/monitor
USER=monitor
start()
{
    start-stop-daemon --quiet --pidfile $PID --background \
        -S --exec $DAEMON -- --config $CONFIG --user $USER
}
~ # grep monitor /etc/passwd
monitor:x:100:100:Monitoring daemon:/home/monitor:/bin/false
# grep monitor /etc/group
monitor:x:100:monitor
If I start the daemon manually all is OK, but if the daemon is started with
the system, the daemon is not running.
Below is the output in the console:
monitor: Run drop_root, user monitor: Success
monitor: After getpwnam, uid = 100, gid = 100: Success
monitor: After setGID: Illegal seek
I tried using seteuid and setegid, but it did not solve the problem.
How can I solve this problem - drop root privileges for a daemon when
starting the daemon with the system?
Thank you and excuse me for my bad English.
--
Best regards,
Brilliantov Kirill Vladimirovich
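
A commonly used sequence for dropping root in a daemon, given here as an added example that is not the poster's code and not part of busybox. The names drop_privileges, privileges_dropped and fail are hypothetical; the sequence sets supplementary groups, then the gid, then the uid, reads errno only after a call has failed, and confirms that root cannot be regained.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <string.h>
#include <sys/types.h>
#include <syslog.h>
#include <unistd.h>

/* errno is meaningful only right after a failed call, so log it only here. */
static int fail(const char *what)
{
    syslog(LOG_ERR, "%s: %s", what, strerror(errno));
    return -1;
}

/* Returns 1 only if the process runs entirely as the given non-root
 * uid/gid and can no longer switch back to root. */
int privileges_dropped(uid_t uid, gid_t gid)
{
    if (uid == 0 || getuid() != uid || geteuid() != uid)
        return 0;
    if (getgid() != gid || getegid() != gid)
        return 0;
    return setuid(0) == -1;    /* regaining root must fail */
}

/* Hypothetical helper: 0 on success, -1 on failure. */
int drop_privileges(const char *user)
{
    struct passwd *pwd = getpwnam(user);
    if (pwd == NULL) {
        syslog(LOG_ERR, "getpwnam(%s) failed", user);
        return -1;
    }
    /* Copy the ids out: pwd points at a static buffer. */
    uid_t uid = pwd->pw_uid;
    gid_t gid = pwd->pw_gid;

    /* Order matters: groups and gid still need root, so the uid goes last. */
    if (initgroups(user, gid) == -1)
        return fail("initgroups");
    if (setgid(gid) == -1)
        return fail("setgid");
    if (setuid(uid) == -1)
        return fail("setuid");
    if (!privileges_dropped(uid, gid)) {
        syslog(LOG_ERR, "privilege drop to %s did not take effect", user);
        return -1;
    }
    return 0;
}
```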