Re: [jetty-users] libsetuid.so

[Martin Edge]

! Wrong package, should have paid more attention to the nm -D output (and 
realised the package name was important).
Thanks for your help though.

-medge

From: jetty-users-boun...@eclipse.org [mailto:jetty-users-boun...@eclipse.org] 
On Behalf Of Martin Edge
Sent: Tuesday, 4 March 2014 15:36
To: JETTY user mailing list
Subject: Re: [jetty-users] libsetuid.so

Ok. Thanks for the links I used the tool chain one for my initial work. 
Obviously I am missing something, but I can't see what it is.


Firstly overridden doStart() with:

    @Override
    public void doStart() throws Exception {
        super.doStart();
        String os = System.getProperty("os.name").toLowerCase();
        if (!os.contains("win")) { <-- IE we are not testing on our development 
machines.
            if (gid != 0) {
                SetUID.setgid(gid); // <-- Fails her
            }
            if (uid != 0) {
                SetUID.setuid(uid);
                Passwd pw = SetUID.getpwuid(uid);
                System.setProperty("user.name", pw.getPwName());
                System.setProperty("user.home", pw.getPwDir());
            }
        }
    }

I grabbed the source for setuid (etc) and cut setuid down to this (As we are 
running this on linux only):

package au.edu.satac.utilities.setuid;

import au.edu.satac.business.utilities.SATACLogger;
import au.edu.satac.business.utilities.SLogger;
import au.edu.satac.utilities.SATACWebConfig;
import java.io.File;

/**
* Class is for changing user and groupId, it can also be use to retrieve user
* information by using getpwuid(uid) or getpwnam(username) of both linux and
* unix systems
*/
public class SetUID {

    private static final SLogger logger = SATACLogger.getLogger(SetUID.class);

    public static final String FILENAME = "libsetuid";

    public static final int OK = 0;
    public static final int ERROR = -1;

    public static native int setumask(int mask);
    public static native int setuid(int uid);
    public static native int setgid(int gid);
    public static native Passwd getpwnam(String name) throws SecurityException;
    public static native Passwd getpwuid(int uid) throws SecurityException;
    public static native Group getgrnam(String name) throws SecurityException;
    public static native Group getgrgid(int gid) throws SecurityException;
    public static native RLimit getrlimitnofiles();
    public static native int setrlimitnofiles(RLimit rlimit);

    private static void loadLibrary() {
        String setuidLib = "/usr/local/satacweb/lib/libsetuid-linux-1.0.0.so";
        // String setuidLib = SATACWebConfig.getConfig().getSetUIDLib();  // 
Ready to some sort of dynamic mapping
        if(setuidLib!=null) {
            File f = new File(setuidLib);
            if(f.exists()) {
                System.load(setuidLib);
                // Runtime.getRunTime().load(setuidLib);
            } else {
                logger.fatal(setuidLib + " not found");
            }
       } else {
            logger.info("SetUID lib isn't set");
        }
    }

    static {
        loadLibrary();
    }

}


I've cut the whole thing down even more into a test case:

package au.edu.satac;

import au.edu.satac.utilities.setuid.SetUID;

/**
*
* @author satmje
*/
public class MainClass {
    public static void main(String[] args) {
        SetUID.setuid(1001);
    }
}

And (the  supporting classes are unchanged)

package au.edu.satac.utilities.setuid;

public class SetUID {

    public static final String FILENAME = "libsetuid";

    public static final int OK = 0;
    public static final int ERROR = -1;

    public static native int setumask(int mask);
    public static native int setuid(int uid);
    public static native int setgid(int gid);
    public static native Passwd getpwnam(String name) throws SecurityException;
    public static native Passwd getpwuid(int uid) throws SecurityException;
    public static native Group getgrnam(String name) throws SecurityException;
    public static native Group getgrgid(int gid) throws SecurityException;
    public static native RLimit getrlimitnofiles();
    public static native int setrlimitnofiles(RLimit rlimit);

    private static void loadLibrary() {
       System.load("/usr/local/satacweb/lib/libsetuid-linux-1.0.0.so");
       // 
Runtime.getRuntime().load("/usr/local/satacweb/lib/libsetuid-linux-1.0.0.so");
    }

    static {
        loadLibrary();
    }

}


From: jetty-users-boun...@eclipse.org [mailto:jetty-users-boun...@eclipse.org] 
On Behalf Of Joakim Erdfelt
Sent: Tuesday, 4 March 2014 14:58
To: JETTY user mailing list
Subject: Re: [jetty-users] libsetuid.so

ok, let me try this again...

HOW are you attempting/doing this? details please.
Code snippets?
Project structure?
Installed structure?
All of the various relevant paths (class/lib/security/os/etc)?
Environment details at runtime?
Java details?
Your artifacts details?
Your dependency details?
etc...


--
Joakim Erdfelt <joa...@intalio.com<mailto:joa...@intalio.com>>
webtide.com<http://www.webtide.com/> - 
intalio.com/jetty<http://intalio.com/jetty>
Expert advice, services and support from from the Jetty & CometD experts
eclipse.org/jetty<http://eclipse.org/jetty/> - cometd.org<http://cometd.org/>

On Mon, Mar 3, 2014 at 8:02 PM, Martin Edge 
<martin.e...@satac.edu.au<mailto:martin.e...@satac.edu.au>> wrote:
Open port 80 as root and them su to a lower privileged user.

From: jetty-users-boun...@eclipse.org<mailto:jetty-users-boun...@eclipse.org> 
[mailto:jetty-users-boun...@eclipse.org<mailto:jetty-users-boun...@eclipse.org>]
 On Behalf Of Joakim Erdfelt
Sent: Tuesday, 4 March 2014 13:27
To: JETTY user mailing list
Subject: Re: [jetty-users] libsetuid.so

Can you provide more details on what you are trying to do?
As mixing libsetuid.so and jetty embedded would be a first.

--
Joakim Erdfelt <joa...@intalio.com<mailto:joa...@intalio.com>>
webtide.com<http://www.webtide.com/> - 
intalio.com/jetty<http://intalio.com/jetty>
Expert advice, services and support from from the Jetty & CometD experts
eclipse.org/jetty<http://eclipse.org/jetty/> - cometd.org<http://cometd.org/>

On Mon, Mar 3, 2014 at 6:24 PM, Martin Edge 
<martin.e...@satac.edu.au<mailto:martin.e...@satac.edu.au>> wrote:
Having trouble running this in an embedded environment.  It is finding the 
file, but reporting "UnsatisfiedLinkError"
Using jetty 9.1.2 on Linux.

Has anyone got this working, or does everyone use redirects?


Medge
Database and Applications Administrator
_______________________

[SATAC_Signature]

Telephone (08) 8224 4045
Facsimile (08) 8224 4099

www.satac.edu.au <http://www.satac.edu.au/>




This email message is intended only for the addressee(s) and
contains information that may be confidential and/or copyright.
If you are not the intended recipient please notify the sender
by reply email and immediately delete this email. Use, disclosure
or reproduction of this email by anyone other than the intended
recipient(s) is strictly prohibited. No representation is made that
this email or any attachments are free of viruses. Virus scanning
is recommended and is the responsibility of the recipient.


_______________________________________________
jetty-users mailing list
jetty-users@eclipse.org<mailto:jetty-users@eclipse.org>
https://dev.eclipse.org/mailman/listinfo/jetty-users


_______________________________________________
jetty-users mailing list
jetty-users@eclipse.org<mailto:jetty-users@eclipse.org>
https://dev.eclipse.org/mailman/listinfo/jetty-users

<<inline: image001.gif>>

_______________________________________________
jetty-users mailing list
jetty-users@eclipse.org
https://dev.eclipse.org/mailman/listinfo/jetty-users