On Sun, 3 Aug 2003, Ryan Underwood wrote:

> Okay, I figured out what is going on.
>
> I have a daemon (BBS server) that is spawned from an init script, and
> when a user accesses a DOS program in the BBS, it forks off DOSEMU to
> redirect the comport I/O to the user.
>
> The problem occurs when:
> 1) The daemon is run with root privileges
> 2) The daemon's init script is run through a `sudo`.
>
> The latter is common since the sysop might use sudo to either restart
> the BBS, or to apt-get upgrade (which will restart the daemon as part of
> its process). DOSEMU checks to the "real" uid, drops privileges to the
> real uid, and then can no longer access the files which have root
> permissions.

This is a way to avoid suid-root on dosemu.bin and let sudo manage much of
the security that used to be done by dosemu.users settings. Sudo is much
more reliable than DOSEMU security wise (better audits and so on). Look at
the file named "INSTALL" for a possible setup.

> So it fails starting the user's requested program for
> seemingly no reason. However, when done a `su - root` and then running
> the init script, there is no problem, since the real login is root that
> time.
>
> I explored various stupid hacks in the privilege code, but I just
> thought I would ask if anyone has a better idea how to use sudo with
> dosemu. This is a little bit of a pain!

using it twice, like

    sudo sudo dosemu

should work around it. The script user then needs to be able to gain
absolute (unlimited) root using sudo however (i.e. able to run "sudo bash"),
and not just the permission to execute dosemu.bin with "root".

Bart
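
The three cases in this thread (init script run through sudo, `su - root`, and `sudo sudo`), as an added C model that is not part of the original messages and is not DOSEMU's code. It assumes the program learns the invoking user from the SUDO_UID environment variable that sudo sets; the function names are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: strictly parse a decimal uid. Returns 0 on success. */
static int parse_uid(const char *s, uid_t *out)
{
    char *end;
    unsigned long v;

    if (s == NULL || *s < '0' || *s > '9')
        return -1;                 /* missing, empty, signed or padded */
    errno = 0;
    v = strtoul(s, &end, 10);
    if (errno != 0 || *end != '\0')
        return -1;                 /* overflow or trailing garbage */
    if ((unsigned long)(uid_t)v != v || (uid_t)v == (uid_t)-1)
        return -1;                 /* does not fit, or the reserved -1 uid */
    *out = (uid_t)v;
    return 0;
}

/*
 * Hypothetical model of "drop to the real user" for a root-started program.
 * Assumption: when running as root, SUDO_UID names the invoking user.
 * SUDO_UID is only trusted when the process already has real uid 0, since
 * an unprivileged caller controls its own environment.
 * Returns 0 and sets *target, or -1 for a malformed SUDO_UID (fail closed).
 */
int drop_target(uid_t ruid, const char *sudo_uid, uid_t *target)
{
    if (ruid != 0 || sudo_uid == NULL) {
        *target = ruid;            /* plain login or `su - root`: no sudo */
        return 0;
    }
    return parse_uid(sudo_uid, target);   /* sudo: fall back to the invoker */
}

int main(void)
{
    uid_t t;

    if (drop_target(getuid(), getenv("SUDO_UID"), &t) != 0) {
        fprintf(stderr, "malformed SUDO_UID, refusing to continue\n");
        return 1;
    }
    printf("real uid %lu, would drop to uid %lu\n",
           (unsigned long)getuid(), (unsigned long)t);
    return 0;
}
```

Under the second sudo in `sudo sudo dosemu` the invoking user is already root, so SUDO_UID is 0 and the model keeps root, which is why the caller needs unrestricted sudo rights for that workaround.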
