On Wed, Jan 19, 2005 at 11:47:51AM +0200, Jos Houtman wrote: > Thanks for the reply, I will edit it and post it again.
Please keep the discussion on the list, for the benefit of other users and developers as well as archives and search engines. > I was abit confused about setgroups myself, I took this directly from > the original checkpassword implementation. > Am I right to assume that if there are no supplementary groups, there > is no need to use the setgroups command? As long as you do setgid() or setregid() there's not much point in calling setgroups() with the same gid. > I'am even more lost about the difference between setreuid and setuid. > There is a mentioning of real uid and effective uid. > Should I see that as followed? > I really am root(real uid) but I run this process as > nobody(effective uid). > > And the difference between setuid and setreuid would then be, that > setuid only allows you to change the effective uid. and setreuid > allows you to change both? Correct. On reading the setuid() man page a little better I see that at least in Linux, setuid() will automatically set real and saved uids as well as the effective uid when the caller effective uid is root, but I'm not sure if that can be relied on for other platforms. //Peter
