Villy Kruse wrote:
> In addition, on AIX you can't ever change real user id, unless you also
> set effective and saved uid to the same user id at the same time and
> thereby dropping all superuser privileges and any hope of ever changing
> back to the original user id. Thus setreuid() won't allow you to change
> the real user id either without setting the effective uid at the same time.

Many years ago, there was a heated battle about this on comp.unix.aix.
Apparently, there is an undocumented system call which does what you
want (There would have to be since this is a necessary function). The
IBMer steadfastly refused to release the interface details, while others
expressed their candid opinions of this policy. I remember that the
piece of software in question at the time was wu-ftpd.

Here is a potentially useful (not sure since I don't know what LPRng is
trying to do) note I found in Google Groups by searching for 'setreuid
"comp.unix.aix"':

---------------------
From: Lucien W. Van Elsen ([EMAIL PROTECTED])
Subject: Re: setreuid() broken?
Newsgroups: comp.unix.aix
Date: 1992-07-27 03:38:46 PST
[EMAIL PROTECTED] (Guy Middleton) writes:
> Sorry if this has been mentioned here before, but I just started reading this
> newsgroup. setreuid() doesn't seem to work right: ...
> This is crazy. If my uid and euid are 0, how could I possibly get an
> EPERM error?
> Is there any way to get this to do what I expect?
You cannot change the effective UID without changing the real uid as
well; this is documented in the setreuid "man page". Theoretically, to
do what you want, you'd use setuidx(ID_REAL|ID_EFFECTIVE,200). A
similar call later on can set the real and effective uid's back to 0,
since the saved uid is still 0.
However, there is a problem with this that Charles Hannum
([EMAIL PROTECTED]) reported a while back; I do not know whether it has
been resolved. Apparently, setuidx() "does not change privilege
vectors" as setuid and seteuid do, which still allows the process to
access files as if it were root. Unfortunately, unless it has been
fixed, you can't get the effect you wish.
-Lucien
----------------------------------------------------------------------------
Lucien Van Elsen | [EMAIL PROTECTED]
MIT Athena Systems Development |
---------------------
--
|Rick Cochran phone: 607-255-7618|
|Cornell CIT - Systems & Operations - Net-Print FAX: 607-255-8521|
|730 Rhodes Hall, Ithaca, N.Y. 14853 email: [EMAIL PROTECTED]|
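
An added example, not part of the original messages or of LPRng: a temporary effective-uid switch that checks for the failure mode reported in the quoted post, where the ids change but the process still reaches files as root. It assumes POSIX seteuid() and a saved uid rather than AIX's setuidx(); the function names and the demo uid 65534 are constructed for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 if this process can open a mode-0000 file (permission bits bypassed,
 * i.e. still root-equivalent for file access), 0 if denied, -1 on error. */
int root_file_access(void)
{
    char path[] = "/tmp/uidprobeXXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    if (fchmod(fd, 0) != 0) { close(fd); unlink(path); return -1; }
    close(fd);
    fd = open(path, O_RDONLY);   /* succeeds only for a privileged process */
    if (fd >= 0) close(fd);
    unlink(path);
    return fd >= 0;
}

/* Switch the effective uid, then confirm the id and the loss of file access. */
int drop_euid_checked(uid_t target)
{
    if (seteuid(target) != 0 || geteuid() != target) return -1;
    if (target != 0 && root_file_access() != 0) return -1;  /* fail closed */
    return 0;
}

/* Return to the original effective uid (relies on the saved uid). */
int restore_euid(uid_t original)
{
    return (seteuid(original) == 0 && geteuid() == original) ? 0 : -1;
}

int main(void)
{
    uid_t original = geteuid();
    uid_t target = original == 0 ? 65534 : original;  /* 65534: constructed demo uid */
    if (drop_euid_checked(target) != 0) {
        fprintf(stderr, "drop to uid %ld not effective\n", (long)target);
        if (restore_euid(original) != 0) abort();
        return 1;
    }
    if (restore_euid(original) != 0) abort();
    printf("euid %ld -> %ld -> %ld verified\n", (long)original, (long)target, (long)geteuid());
    return 0;
}
```

Run as root, it drops to the demo uid, probes and restores; run unprivileged, it only exercises the probe against the current uid.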