Path: utzoo!utgpu!watmath!watcgl!daemon From: lindsay@watnext.waterloo.edu Newsgroups: uw.unix Subject: setting permissions Message-ID: <11148@watcgl.waterloo.edu> Date: 18 Aug 89 22:52:38 GMT Sender: daemon@watcgl.waterloo.edu Reply-To: lindsay%watnext.waterloo.edu@watcgl.waterloo.edu Distribution: uw Lines: 27 From: Lindsay Patten The following program illustrates how to do what I think you want to do. Chown it to root and chmod it. main() { printf("ruid = %d, euid = %d\n", getuid(), geteuid()); if(chroot("/tmp")) perror("chroot"); if(seteuid(getuid())) perror("seteuid"); if(fopen("/tmp/test","w") == 0) perror("fopen"); printf("ruid = %d, euid = %d\n", getuid(), geteuid()); } By using chmod u+s the euid gets set to the owner of the file, the ruid remains that of the real user. After the seteuid(getuid()) call the process will have euid == ruid == (uid of process that called the program) and will be unable to ever regain it's setuid status. Thus there is no security risk provided the program itself is not tampered with. The file will appear in /tmp/tmp/test. Cheers, Lindsay