http://qs1969.pair.com?node_id=266016


in reply to dropping from root to lower user

although you can (as per the other answers), you realy shouldn't be running a process as root in the first instance. Try realy hard to avoid running the prog as root in the first place, unless this program will never live on a machine that ever gets connected to the internet. if you realy must run it as root (which is not the case in 99.99% of situations) then make sure any input is squeaky clean with taint etc.

Replies are listed 'Best First'.
Re: Re: dropping from root to lower user
by jepri (Parson) on Jun 15, 2003 at 14:09 UTC
    There are plenty of good reasons to run as root. On systems without capacility functions, it's the only way to get privileged access to restricted resources. For instance, Apache is usually suid root so that it can listen on port 80 (only accessable to root). It then switches users but keeps the network socket.

    Perl programs can do this fairly reliably in the Unix world by passing the socket handle through a pipe to an unprivileged child, or just passing the relevant data.

    I agree that programmers should avoid writing programs that run as root, but a lot of mine do because they automate system admin jobs that must be done as root.

    avoid running the prog as root in the first place, unless this program will never live on a machine that ever gets connected to the internet.

    Your operating system runs as root, you know :)

    ____________________
    Jeremy
    I didn't believe in evil until I dated it.

[reply]

In Section Seekers of Perl Wisdom