Zbigniew Szalbot wrote:

I have never really understood the thing about setuids, gid and etc. :)
I am not planning a restart so won't try it but I am pretty sure that
logs are created by root unless the api is started manually. No big
deal really but thanks for all the suggestions!
It's very simple really. When you run a program it always runs as the user who you are right now. So if you are zbigniew a program you execute runs as you. If you have su'ed or logged in as root, it runs as root.

In order to run the program, the user who you are must have the right permissions - i.e. they must have an x bit set. If the program file is owned by the same user as who you are, then you look at the first 3 permissions bits; otherwise if you are in the same group as the program file you look at the next three bits; everyone else looks at the last three bits. (Bits as in pieces, not as in 1/8th of a byte).

Some programs need to run as specific users or with a specific group. E.g. shutdown must run as root. You make the file owned by root and set the setuid bit. The permissions might then look like:

   root wheel  r-s-r-x--- shutdown

The s replaces the x to show that the file is both executable by root and setuid.

Both root and anyone in group wheel can now run shutdown. and the setuid bit says that *whoever* runs the program will run it as if they were root.

It's very similar for groups.



freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to