Subject: Re: [linux-audio-user] fluidsynth
From: Frank Barknecht (fbar_AT_footils.org)
Date: Mon Apr 14 2003 - 10:34:44 EEST
Hallo,
Guy Clotilde hat gesagt: // Guy Clotilde wrote:
> Anyway, as I'm quite dumb about it, can you enlighten me about what
> it means 'setuid root'? How exactly do I setuid root a prog (I have
> read about the 's' bit)?
Yes, you add the "s"etuid bit by channging the file mode with "chmod
u+s /usr/bin/program" and you get rid of it by "chmod u-s
/usr/bin/program"
> Can I setuid any program (er... is it dangerous)?
It can be dangerous. Most audio software drops the root privileges
after they gained a higher scheduling, but the bigger the sofware, the
easier it is to make mistakes with this. It might be a good idea, to
only allow a certain group of users to run the setuid programs or use
something like "super" to control acess. Using a kernel feature called
capabilities also does reduces the need to "setuid root" larger
programs.
But then, setuid also is something ordinary on Linux. For example, the
/usr/bin/passwd programm is also "setuid root". It allows users to
change their own password and effectifly change a system file like
/etc/passwd. Without higher privileges they couldn't do this.
> Does any program 'setuid root' really run with roots provileges?
Effectivly yes, at least at the start. But as I said, most programs
stop being root on their own with something like the
setuid-C-function, see "man 2 setuid".
ciao
-- Frank Barknecht _ ______footils.org__
This archive was generated by hypermail 2b28 : Mon Apr 14 2003 - 10:45:09 EEST