Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I see such logic in many open source projects:
if (setuid() == 0) {
if (setgid(ccf->group) == -1) {
...
if (initgroups(ccf->username, ccf->group) == -1) {
I have 2 questions on this:
initgroups for? IMO,to change gid and uid,setuid() and setgid() will be enough.
Most of the time, system daemons are spawned by init scripts and therefore run as
root. Callingsetuid()andsetgid()allows them to drop their superuser privileges and impersonate another user on the system (generally far less powerful thanroot). That way, bugs and security holes become less lethal to the system.Concerning the second part of your question, initgroups() is called to reinitialize the group access list and add
ccf->groupto the list of groups thatccf->usernamebelongs to. That’s probably done because callingsetgid()is not sufficient for the access rights associated with the new group to be propagated to the process.