On Tue, Nov 22, 2011 at 8:51 AM, Brilliantov Kirill Vladimirovich
<[email protected]> wrote:
> Hello!
> I use busybox-1.18.4 and I am trying to run a daemon at system start with
> minimal privileges.
>
> Below my code:
> #define ERROR(fmt, args...)     syslog(LOG_ERR, fmt ": %m", ##args)
> int8_t drop_root(const char *user)
> {
>        ERROR("Run %s, user %s", __func__, user);
>        struct passwd *pwd = NULL;
>
>        if (NULL == (pwd = getpwnam(user)))
>                return -1;
>        ERROR("After getpwnam, uid = %d, gid = %d", pwd->pw_uid,
> pwd->pw_gid);
>
>        if (setgid(pwd->pw_gid)) {
>                //ERROR("After setGID");
>                return -1;
>        }
>        ERROR("After setGID");
>
>        if (setuid(pwd->pw_uid)) {
>                //ERROR("After setUID");
>                return -1;
>        }
>        ERROR("After setUID");
>
>        return 0;
> }
>
> /etc/init.d/monitor.sh:
> PID=/var/run/monitd.pid
> DAEMON=monitd
> CONFIG=/etc/monitor
> USER=monitor
> start()
> {
>    start-stop-daemon --quiet --pidfile $PID --background \
>        -S --exec $DAEMON -- --config $CONFIG --user $USER
> }
>
> ~ # grep monitor /etc/passwd
> monitor:x:100:100:Monitoring daemon:/home/monitor:/bin/false
> # grep monitor /etc/group
> monitor:x:100:monitor
>
> If I start the daemon manually all is OK, but when it is started with the
> system the daemon is not running.
> Below output in console:
> monitor: Run drop_root, user monitor: Success
> monitor: After getpwnam, uid = 100, gid = 100: Success
> monitor: After setGID: Illegal seek

errno has no meaning after successful calls.
It does not stay 0. So, "illegal seek" msg is bogus.

(1) uncomment error messages on error paths.
your setuid() call seems to fail, and you don't see why.

(2) run your program under strace.

-- 
vda
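
An added example, not code from the original messages or from BusyBox: the privilege drop with errno logged only on the failure paths, which is what point (1) asks for. It goes beyond the posted code in two labelled ways: it resets supplementary groups with initgroups() and it checks that root cannot be regained. The "monitd" and "monitor" names are taken from the post; everything else is an assumption of this sketch.

```c
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <sys/types.h>
#include <syslog.h>
#include <unistd.h>

/* Log errno (%m) only when the call reported failure: errno is
 * meaningless after a successful call and is not reset to 0. */
static int fail(const char *what)
{
    syslog(LOG_ERR, "%s failed: %m", what);
    return -1;
}

int drop_root(const char *user)
{
    struct passwd *pwd;

    errno = 0;  /* POSIX: NULL with errno unchanged means "no such user" */
    pwd = getpwnam(user);
    if (pwd == NULL) {
        if (errno != 0)
            return fail("getpwnam");
        syslog(LOG_ERR, "getpwnam: no such user '%s'", user);
        return -1;
    }
    /* Groups first: after setuid() the process may no longer change them. */
    if (initgroups(pwd->pw_name, pwd->pw_gid) != 0)  /* addition: drop root's supplementary groups */
        return fail("initgroups");
    if (setgid(pwd->pw_gid) != 0)
        return fail("setgid");
    if (setuid(pwd->pw_uid) != 0)
        return fail("setuid");
    /* Addition: confirm the drop is permanent. */
    if (pwd->pw_uid != 0 && setuid(0) == 0) {
        syslog(LOG_ERR, "root privileges can still be regained");
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    /* LOG_PERROR copies messages to stderr, useful under strace or on a console */
    openlog("monitd", LOG_PID | LOG_PERROR, LOG_DAEMON);
    return drop_root(argc > 1 ? argv[1] : "monitor") ? 1 : 0;
}
```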