Re: Effective, Real and Group id switching for daemons

From: "John Hanna" <jhanna@cproject.com>

> One of the important features is to be able to run as non-root after we

I can think of 2 other options:

    use a high port as non-root with port-forwarding to get SMTP traffic     bind as non-root to port 25 (simple in open-source *nix)

> First is it important to switch the real uid as well? It might be nice to

Exactly - you need to do that.

> Secondly do I need to give the option to switch effective and real group id

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

A few moments with "man perlvar" should lead you to something like this which you can test by running it as root.

#!/usr/bin/perl -w

system("id");
$)="500 500"; # set group IDs, appears twice to call setgroups() $(=500;
system("id");
$>=500; # set user IDs
$<=500;
system("id"); Received on Sat Jan 25 12:12:42 2003