Beefy Boxes and Bandwidth Generously Provided by pair Networks
Just another Perl shrine
 
PerlMonks  

Re: dropping from root to lower user

by aquarium (Curate)
on Jun 15, 2003 at 11:30 UTC ( #266016=note: print w/replies, xml ) Need Help??


in reply to dropping from root to lower user

although you can (as per the other answers), you realy shouldn't be running a process as root in the first instance. Try realy hard to avoid running the prog as root in the first place, unless this program will never live on a machine that ever gets connected to the internet. if you realy must run it as root (which is not the case in 99.99% of situations) then make sure any input is squeaky clean with taint etc.

Replies are listed 'Best First'.
Re: Re: dropping from root to lower user
by jepri (Parson) on Jun 15, 2003 at 14:09 UTC
    There are plenty of good reasons to run as root. On systems without capacility functions, it's the only way to get privileged access to restricted resources. For instance, Apache is usually suid root so that it can listen on port 80 (only accessable to root). It then switches users but keeps the network socket.

    Perl programs can do this fairly reliably in the Unix world by passing the socket handle through a pipe to an unprivileged child, or just passing the relevant data.

    I agree that programmers should avoid writing programs that run as root, but a lot of mine do because they automate system admin jobs that must be done as root.

    avoid running the prog as root in the first place, unless this program will never live on a machine that ever gets connected to the internet.

    Your operating system runs as root, you know :)

    ____________________
    Jeremy
    I didn't believe in evil until I dated it.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://266016]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others rifling through the Monastery: (1)
As of 2022-10-01 10:32 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    I prefer my indexes to start at:




    Results (126 votes). Check out past polls.

    Notices?