Stefan,
First I want to say I really like your program. We work in a small group of 5 database administrators, and this is exactly what we need to inform each other. Elog is simple but very functional, so thanks!
My problem is that I don't have root access to the HP-UX machines. We don't run elogd as root, so I wasn't really interested in the seteuid functionality, I just wanted to compile and run the program.
HP-UX doesn't have the "seteuid" and "setegid" functions. But there are "setuid+setgid", "setreuid+setregid" and "setresuid+setresgid" functions available. I'm not sure which one is the best to use. I uploaded the manpages as attachment. I hope this will help you.
If you want I can do a compile and run test on HP-UX with your altered source code. But I can't do a test with "root".
| Stefan Ritt wrote: | I applied most of your patches to the elog source code, SVN revision 1885. The only missing piece has to do with seteuid/setuid. I definitively need seteuid for linux, because elogd might be started under root, then it falls back to an optional elog user. But when it stops, it has to restore the original root user in order to delete the PID file (/var/run/elogd.pid) which was created under root. If seteuid does not exist under HP-UX, you should add something like
#ifdef HP-UX
setuid(...)
#else
seteuid(...)
#endif
Probably the HP-UX has to be something else, but I cannot test this since I don't have such an OS here. Once you get this working I can put it into the standard distribution. |
|
setresuid(2) setresuid(2)
NAME
setresuid, setresgid - set real, effective, and saved user and group
IDs
SYNOPSIS
#include <unistd.h>
int setresuid(uid_t ruid, uid_t euid, uid_t suid);
int setresgid(gid_t rgid, gid_t egid, gid_t sgid);
DESCRIPTION
setresuid() sets the real, effective and/or saved user ID of the
calling process.
If the current real, effective or saved user ID is equal to that of a
user having appropriate privileges, setresuid() sets the real,
effective and saved user IDs to ruid, euid, and suid, respectively.
Otherwise, setresuid() only sets the real, effective, and saved user
IDs if ruid, euid, and suid each match at least one of the current
real, effective, or saved user IDs.
If ruid, euid, or suid is -1, setresuid() leaves the current real,
effective or saved user ID unchanged.
setresgid() sets the real, effective and/or saved group ID of the
calling process.
If the current real, effective or saved user ID is equal to that of a
user having appropriate privileges, setresgid() sets the real,
effective, and saved group ID to rgid, egid, and sgid, respectively.
Otherwise, setresgid() only sets the real, effective and saved group
ID if rgid, egid, and sgid each match at least one of the current
real, effective or saved group ID.
If rgid, egid, or sgid is -1, setresgid() leaves the current real,
effective or saved group ID unchanged.
Security Restrictions
Some or all of the actions associated with this system call require
the PRIV_CHSUBJIDENT privilege (CHSUBJIDENT). Processes owned by the
superuser will have this privilege. Processes owned by other users
may have this privilege, depending on system configuration. See
privileges(5) for more information about privileged access on systems
that support fine-grained privileges.
RETURN VALUE
Upon successful completion, setresuid() and setresgid() return 0;
otherwise, they return -1 and set errno to indicate the error.
Hewlett-Packard Company - 1 - HP-UX 11i Version 2: May 2005
setresuid(2) setresuid(2)
ERRORS
setresuid() and setresgid() fail if any of the following conditions
are encountered:
[EINVAL] ruid, euid, or suid (rgid, egid, or sgid) is not a
valid user (group) ID.
[EPERM] None of the conditions above are met.
AUTHOR
setresuid() and setresgid() were developed by HP.
SEE ALSO
exec(2), getuid(2), setuid(2).
Hewlett-Packard Company - 2 - HP-UX 11i Version 2: May 2005
|