On Fri, Aug 26, 2005 at 05:25:37PM +0800, Coywolf Qi Hunt wrote: > I just wrote a tool with kernel patch, which is to set the uid's of a running > process without FORK. > > The tool is at http://users.freeforge.net/~coywolf/pub/promote/ > Usage: promote <pid> [uid] > > I once need such a tool to work together with my admin in order to tune my web > configuration. I think it's quite convenient sometimes. > > The situations I can image are: > > 1) root processes can be set to normal priorities, to serve web > service for eg.
Most (if not all) web servers can be told to drop all privileges and run as a normal user. If not, you can use selinux to create a policy for such processes (IIRC that's what Fedora does). > 2) admins promote trusted users, so they can do some system work without > knowing > the password Use sudo for that, it allows even much finer grained control. > 3) admins can `promote' a suspect process instead of killing it. Why would that change anything? You only change a process's UID, nothing else. You don't change things like resource limits, so a process started as root with unlimited limits is still allowed to use those limits. AFAIK setrlimit() can't be used to change resource limits of other processes. Erik -- +-- Erik Mouw -- www.harddisk-recovery.com -- +31 70 370 12 90 -- | Lab address: Delftechpark 26, 2628 XH, Delft, The Netherlands - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
