I am struggling to get a daemon's child processes to be created under an appropriate group ID.
setuid and setgid only seem to affect the real ID/group, not the effective one.
Assigning to the special variables $<, $>, $( and $) works for the ID, but not the group.
```perl
#!/usr/bin/perl -w
use strict;
use POSIX qw(setgid setsid setuid);

my $i;
my $pid;
my @user;
my $dmon_id="furrypop";
my $outfile="/export/home/furrypop/daemon.out";

&write_log("Start");

chdir '/' or die "Can't chdir to /: $!";
open STDIN, '/dev/null' or die "Can't read /dev/null: $!";
open STDOUT, '>/dev/null' or die "Can't write to /dev/null: $!";
defined($pid = fork) or die "Can't fork: $!";

if ($pid) {
    # parent-only processing follows...
    &write_log("Parent");
    sleep 10;
}
else {
    # child-only processing follows...
    # switch the ID under which the child is running
    setsid or die "Can't start a new session: $!";
    @user=getpwnam($dmon_id);
    if (@user) {
        # setuid $user[2] or die "Cannot switch ID to $dmon_id: $!";
        # setgid $user[3] or die "Cannot switch group for $dmon_id: $!";
        $< = $user[2];
        $> = $user[2];
        $( = $user[3];
        $) = $user[3];
    }
    else {
        die "Invalid user ID ($dmon_id)";
    }
    &write_log("Child");
    sleep 10;
}

sub write_log {
    open(OUTFILE, ">>$outfile") or die "Cannot open file $outfile : $!";
    print OUTFILE "$_[0] pid $$\n user real $< effective $>\n group real $( effective $)\n";
    close OUTFILE;
}
```

Both the setuid/setgid and the assignation-to-special-variables code is shown above, the former commented out.
There's also a sleep in there in order to give one time to check the processes with ps.
With:-

```perl
$< = $user[2];
$> = $user[2];
$( = $user[3];
$) = $user[3];
```

The processes are:-

```
root     15569  8068  0 16:06:31 pts/12   0:00 /usr/bin/perl -w daemon_gid_test.pl
furrypop 15570 15569  0 16:06:31 ?        0:00 /usr/bin/perl -w daemon_gid_test.pl
```

The output file contains:-

```
Start pid 15569
 user real 0 effective 0
 group real 1 12 9 8 7 6 5 4 3 2 0 1 effective 1 12 9 8 7 6 5 4 3 2 0 1
Parent pid 15569
 user real 0 effective 0
 group real 1 12 9 8 7 6 5 4 3 2 0 1 effective 1 12 9 8 7 6 5 4 3 2 0 1
Child pid 15570
 user real 514 effective 514
 group real 1 12 9 8 7 6 5 4 3 2 0 1 effective 1 12 9 8 7 6 5 4 3 2 0 1
```

With:-

```perl
setuid $user[2] or die "Cannot switch ID to $dmon_id: $!";
setgid $user[3] or die "Cannot switch group for $dmon_id: $!";
```

The processes are:-

```
root     15588  8068  0 16:08:50 pts/12   0:00 /usr/bin/perl -w daemon_gid_test.pl
root     15589 15588  0 16:08:50 ?        0:00 /usr/bin/perl -w daemon_gid_test.pl
```

The output file contains:-

```
Start pid 15588
 user real 0 effective 0
 group real 1 12 9 8 7 6 5 4 3 2 0 1 effective 1 12 9 8 7 6 5 4 3 2 0 1
Parent pid 15588
 user real 0 effective 0
 group real 1 12 9 8 7 6 5 4 3 2 0 1 effective 1 12 9 8 7 6 5 4 3 2 0 1
Child pid 15589
 user real 514 effective 0
 group real 350 12 9 8 7 6 5 4 3 2 0 1 effective 1 12 9 8 7 6 5 4 3 2 0 1
```

J.
In reply to Daemon IDs and groups aka setuid setgid vs $< $> $( $) by furrypop
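
An added example, not part of the original post: one way to drop root in a forked child so that the real, effective, saved and supplementary IDs all change, with the result verified before the child does any work. It changes the group IDs before the user ID, because a process that has already given up UID 0 no longer has the privilege to change its groups. Assumptions: the script is started as root, `POSIX::setuid` and `POSIX::setgid` call setuid(2) and setgid(2) in the Perl in use, and `drop_privileges` is a hypothetical helper name.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX qw(setgid setuid);

# Hypothetical helper: permanently drop root to the named account.
# Groups are changed first, while the process may still change them.
sub drop_privileges {
    my ($name) = @_;
    my ($uid, $gid) = (getpwnam($name))[2, 3];
    die "Invalid user ID ($name)\n" unless defined $uid;
    die "Refusing to 'drop' to UID 0\n" if $uid == 0;

    # First number: effective GID. Remaining numbers: supplementary group
    # list passed to setgroups(), here reduced to the target group only.
    $) = "$gid $gid";
    setgid($gid) or die "Cannot switch group for $name: $!\n";
    setuid($uid) or die "Cannot switch ID to $name: $!\n";

    # Fail closed: confirm that every ID actually changed.
    my ($rgid)          = split ' ', $(;
    my ($egid, @groups) = split ' ', $);
    die "UID not dropped (real $< effective $>)\n"
        unless $< == $uid && $> == $uid;
    die "GID not dropped (real $rgid effective $egid)\n"
        unless $rgid == $gid && $egid == $gid;
    die "Supplementary groups remain: @groups\n"
        if grep { $_ != $gid } @groups;

    # A saved UID of 0 would let the process switch back; prove it cannot.
    $> = 0;
    die "Process can still regain root\n" if $> == 0;
    return ($uid, $gid);
}

# Usage in the forked child. "furrypop" is the account name from the post.
defined(my $pid = fork) or die "Can't fork: $!";
if ($pid == 0) {
    drop_privileges('furrypop');
    print "child $$: user real $< effective $>, group real $( effective $)\n";
    exit 0;
}
waitpid($pid, 0);
```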