Path: utzoo!attcan!lsuc!eci386!clewis
From: clewis@eci386.uucp (Chris Lewis)
Newsgroups: comp.unix.xenix
Subject: Re: Setuid(geteuid()), help
Keywords: setuid, geteuid
Message-ID: <1989Jun14.231026.10661@eci386.uucp>
Date: 14 Jun 89 23:10:26 GMT
References: <197@ajfcal.UUCP> <2733@piraat.cs.vu.nl>
Reply-To: clewis@eci386.UUCP (Chris Lewis)
Organization: R. H. Lathwell Associates: Elegant Communications, Inc.
Lines: 46

In article <2733@piraat.cs.vu.nl> maart@cs.vu.nl (Maarten Litmaath) writes:
>tony@ajfcal.UUCP (Tony Field) writes:
>\Is there any way to do a setuid(geteuid()) when geteuid() != 0 ???
>setuid() to either geteuid() or getuid() must ALWAYS succeed. Elementary.

Maarten's usually right, but in this case he isn't. *Most* versions of
UNIX (eg: Xenix and SV, but I think BSD may be the opposite) do not allow
you to setuid() to anything other than getuid() unless geteuid() == 0.
(SVID and System V also include something called the saved userid, but
this doesn't apply here.) On the other hand, BSD can do this quite easily
as Maarten suggests with things like seteuid() and setruid().

Maarten's right in the rest of his article (except for being able to in
general say setuid(geteuid())), however...

The easiest way to get a mkdir to get the ownership the way you want it
is to write a setuid root wrapper that invokes mkdir and then chown's the
created directory to "news" explicitly.

eg, compile and make setuserid root:

    #include <unistd.h>     /* fork, execl */
    #include <sys/wait.h>   /* wait */

    int main(int argc, char **argv)
    {
        int pid;

        /* child: create the directory (runs as root via the setuid bit) */
        if ((pid = fork()) == 0)
            execl("/bin/mkdir", "mkdir", argv[1], (char *)0);
        /* parent: wait for mkdir to finish, then hand the directory to news */
        while (wait(0) != pid)
            ;
        execl("/bin/chown", "chown", "news", argv[1], (char *)0);
    }

(error checking and strong typing left as an exercise to the reader.)

Grotty and inefficient but effective and small.
-- 
Chris Lewis, R.H. Lathwell & Associates: Elegant Communications Inc.
UUCP: {uunet!mnetor, utcsri!utzoo}!lsuc!eci386!clewis
Phone: (416)-595-5425
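
The following is an added example, not part of the original post: the same setuid-root wrapper with the error checking filled in, written so that ownership is changed only on a directory the wrapper itself just created. It assumes a POSIX.1-2008 system (O_DIRECTORY, O_NOFOLLOW and fchown(), which 1989 Xenix did not offer), calls mkdir(2) and fchown(2) directly instead of exec'ing /bin/mkdir and /bin/chown, and the helper name make_owned_dir is hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create `path` and give it to uid:gid. Returns 0 on success, -1 with errno
 * set on failure. Hypothetical helper, not from the original post. */
int make_owned_dir(const char *path, uid_t uid, gid_t gid)
{
    struct stat st;
    int fd, ok, saved;

    /* mkdir(2) fails with EEXIST on any existing name, symlinks included,
     * so ownership is never changed on something we did not create. */
    if (mkdir(path, 0755) != 0)
        return -1;

    /* Pin the new directory with a descriptor; refuse a symlink swapped in. */
    fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0)
        return -1;

    /* Confirm it is a directory owned by our effective uid (what mkdir just
     * made), then chown via the descriptor so `path` cannot be redirected. */
    errno = EPERM;              /* reported if the identity check fails */
    ok = fstat(fd, &st) == 0 && S_ISDIR(st.st_mode) &&
         st.st_uid == geteuid() && fchown(fd, uid, gid) == 0;
    saved = errno;
    close(fd);
    errno = saved;
    return ok ? 0 : -1;
}

int main(int argc, char **argv)
{
    struct passwd *pw = getpwnam("news");   /* owner named in the post */
    if (argc != 2 || pw == NULL) {
        fprintf(stderr, "usage: %s directory\n", argv[0]);
        return 2;
    }
    if (make_owned_dir(argv[1], pw->pw_uid, pw->pw_gid) != 0) {
        perror(argv[1]);
        return 1;
    }
    return 0;
}
```
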