http://qs1969.pair.com?node_id=265954

Mirage has asked for the wisdom of the Perl Monks concerning the following question:

Hi there,

is there a way to drop the current user-level of the process from root to say www?
I thought about forking with another uid and then kill the parent, I also would really like to know how to do that.

Thanks in advance

Replies are listed 'Best First'.
Re: dropping from root to lower user
by Zaxo (Archbishop) on Jun 15, 2003 at 00:28 UTC

    Another way: 

    use POSIX 'setuid';
setuid ((getpwnam 'www')[2]);

    [download]

    After Compline,
    Zaxo

[reply]
[d/l]
Re: dropping from root to lower user
by sauoq (Abbot) on Jun 14, 2003 at 22:07 UTC

    Read perldoc pervar and look for info on $< and $(. They are settable.

    -sauoq
"My two cents aren't worth a dime.";
[reply]
      The only caveat which I would add to this is that these variables - $<, $>, $( and $) - can only be set on machines that support the underlying set[re][ug]id() routines.

       

      perl -le 'print+unpack"N",pack"B32","00000000000000000000001001101010"'

[reply]
[d/l]
[select]
Re: dropping from root to lower user
by aquarium (Curate) on Jun 15, 2003 at 11:30 UTC
    although you can (as per the other answers), you realy shouldn't be running a process as root in the first instance. Try realy hard to avoid running the prog as root in the first place, unless this program will never live on a machine that ever gets connected to the internet. if you realy must run it as root (which is not the case in 99.99% of situations) then make sure any input is squeaky clean with taint etc.
[reply]
      There are plenty of good reasons to run as root. On systems without capacility functions, it's the only way to get privileged access to restricted resources. For instance, Apache is usually suid root so that it can listen on port 80 (only accessable to root). It then switches users but keeps the network socket.

      Perl programs can do this fairly reliably in the Unix world by passing the socket handle through a pipe to an unprivileged child, or just passing the relevant data.

      I agree that programmers should avoid writing programs that run as root, but a lot of mine do because they automate system admin jobs that must be done as root.

      avoid running the prog as root in the first place, unless this program will never live on a machine that ever gets connected to the internet.

      Your operating system runs as root, you know :)

      ____________________
      Jeremy
      I didn't believe in evil until I dated it.

[reply]
Re: dropping from root to lower user
by jepri (Parson) on Jun 15, 2003 at 13:58 UTC
    You could just do: 

    system("/bin/su", "user", "-c", "perl", $0, @args);

    [download]

    ____________________
    Jeremy
    I didn't believe in evil until I dated it.

[reply]
[d/l]

Back to Seekers of Perl Wisdom