On Mon, 04 Jan 2010 21:30:31 -0800, cassiope wrote: > One more tidbit observed: my last note, that it works when using > seteuid/setegid? > Well - that only applies if the daemon is running under strace (!). > It fails > if started directly by root, or if the strace session has ended, > leaving the > main body of the daemon running in its normal headless manner. > > I wonder if running under "strace -f" - might setegid/seteuid be > prevented from > having their normal effect?
Possibly. The ptrace() syscall on which strace depends will fail if you try to trace a "privileged" process and you aren't root, so it's possible that a ptrace()d process will refuse to become privileged. Here, "privileged" includes a process which has changed any of its UIDs or GIDs (this prevents a normal user from tracing, killing, etc an otherwise privileged process which has switched to the user's UID for the time being). -- http://mail.python.org/mailman/listinfo/python-list