Thread: Dropping effective UID under AIX?




Dropping effective UID under AIX?
2006-12-21 20:53:38
Hello all,

  First, don't hesitate to tell me if you think this post belongs
elsewhere.

  I'm having trouble changing Real UID and Effective UID with Perl 5.8
under AIX 5.2.

  I'm *not* trying to elevate the script's rights, I want to *drop*
rights to an isolated user. Same deal as httpd dropping from root to run
as nobody or whatever you have configured. I want $> and $< to both
reflect the same non-root value, while before the change both were at 0.

  Searching on the web I can only find old (2002?) usenet postings about
this, with someone mentioning that the AIX system calls will allow
changing your Real UID only if you're starting from UID 0 and if you
change RUID and EUID at the same time.

  Any ideas / suggestions on how to do this from perl?

  The problem this is causing for us is that the perl script, after
switching EUID from 0 to 207 (RUID stays 0), opens a pipe to another perl
interpreter (to run a plugin) -- this new perl interpreter sees $> != $<
and won't allow -M or -I to be used... any workarounds for this?

  Thanks!

  Martin Richard
Dropping effective UID under AIX?
2006-12-22 18:57:07
On Dec 21 2006, Martin Richard wrote:
>
>  I'm *not* trying to elevate the script's rights, I want to *drop*
> rights to an isolated user. Same deal as httpd dropping from root to
> run as nobody or whatever you have configured. I want $> and $< to
> both reflect the same non-root value, while before the change both
> were at 0.
>
>  Searching on the web I can only find old (2002?) usenet postings
> about this, with someone mentioning that the AIX system calls will
> allow changing your Real UID only if you're starting from UID 0 and
> if you change RUID and EUID at the same time.
>
>  Any ideas / suggestions on how to do this from perl?

POSIX::setuid should work for you since the uid == euid.

It *should* work if you do the assignment at the same time, i.e.

    ($<, $>) = ($uid) x 2;

except I see in the AIX hints files that d_setreuid is undef, presumably
because it won't set both on AIX unless uid == euid.  But with it unset
I don't see how the behaviour could be any better.  What happens when
you run the above line?  I guess only $> gets set?

Sorry I can't be much more help without an AIX box to test on.

-- 
Rick Delaney
rickbort.ca
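
The full drop discussed in this thread, written out as an added example (not code posted by either participant): it uses POSIX::setuid as the reply suggests, resets the groups first, then checks that $< and $> match and that root cannot be regained before starting a child perl with -M. The account name "nobody" is an assumption, and the behaviour has not been confirmed on AIX 5.2.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX ();

# Permanently drop from root to an unprivileged account, then verify it.
sub drop_privileges {
    my ($user) = @_;
    my ($uid, $gid) = (getpwnam($user))[2, 3];
    die "unknown user '$user'\n" unless defined $uid;
    die "refusing to 'drop' to uid 0\n" if $uid == 0;

    # Groups first: after the UID change we may no longer alter them.
    # Assigning "$gid $gid" to $) sets the effective GID and replaces the
    # supplementary group list with that single group (see perlvar).
    $) = "$gid $gid";
    my $groups = $);
    die "could not reset group list (now: $groups)\n"
        if grep { $_ != $gid } split ' ', $groups;
    POSIX::setgid($gid) or die "setgid($gid) failed: $!\n";

    # Assumption: called as root, setuid() changes the real and the
    # effective UID together, as on other Unix systems.
    POSIX::setuid($uid) or die "setuid($uid) failed: $!\n";

    # Never trust the return value alone: read the IDs back.
    die "UID mismatch after drop: real=$< effective=$>\n"
        unless $< == $uid && $> == $uid;

    # A complete drop is irreversible, so regaining root must fail.
    die "privileges can still be restored, aborting\n"
        if POSIX::setuid(0);
    return ($uid, $gid);
}

if ($> == 0) {
    drop_privileges('nobody');    # assumed account name
    # Child interpreter with -M, opened through a pipe as in the question;
    # it should report the same real and effective UID.
    open(my $child, '-|', $^X, '-MPOSIX', '-e',
         'print "child: real=$< effective=$>\n"')
        or die "cannot start child perl: $!\n";
    print while <$child>;
    close $child;
} else {
    print "not running as root (real=$< effective=$>), nothing to drop\n";
}
```

If the mismatch check fires with real=0, only the effective UID changed, which is the state described in the first message.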