Date:      Thu, 6 Aug 1998 08:38:50 -0700 (PDT)
From:      David Wolfskill <dhw@whistle.com>
To:        A.Nati@cisco.it, brandon@engulf.net
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: system ("makemap") error...
Message-ID:  <199808061538.IAA24245@pau-amma.whistle.com>
In-Reply-To: <3.0.1.32.19980806144443.006cd6f4@posta.cisco.it>

>Date: Thu, 06 Aug 1998 14:44:43 +0200
>From: Antonio Nati <A.Nati@cisco.it>

>At 08.02 06/08/98 -0400, you wrote:
>>How are you SU'ing it to root?

>In my case it decides it has not the correct uid.
>Changing the owner of "/etc/virtusertable.db" to httpd's uid makes all the
>joke work.

>Now I'm wondering about:

>1) does "system ()" pass the su'ed uid to the executed command?

No; it's not system()'s job to do that.  I believe it's the kernel's job
(via exec() & friends) to do it; I'm sure someone will provide necessary
correction.  :-}

What's hurting you, I expect, is that you're specifying that the output
should be created via (shell) redirection, and *that* is done by the
calling environment (shell, httpd, whatever), well before exec() has a
chance to do anything at all -- recall that when the program *starts*,
it already has stdout opened....

This is the same kind of issue that (somewhat) limits the functionality
of (say) "sudo":  if /etc/foo is a root-owned file, mode 500 (say), you
can't (as a "normal" user) issue
	sudo cat /etc/termcap >/etc/foo

for exactly the same reason -- the ">/etc/foo" is handled by the shell
before sudo gets invoked, and you don't have permission to scribble on
the file.  (Similarly, if /hidden is a root-owned directory, mode 700,
you can't do a "sudo cd /hidden"; it actually doesn't really make any
sense, since "cd" is a shell built-in, since it is used to merely
maintain a figment of the shell's imagination -- that being the notion
of your "current working directory".)

>2) is it correct that makemap checks getuid and not instead geteuid?

Based on the above, I don't think that's relevant.

david
-- 
David Wolfskill		UNIX System Administrator
dhw@whistle.com		voice: (650) 577-7158	pager: (650) 371-4621
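
The point made in the reply above, as an added example that is not part of the original message: the file named in a redirection is opened by whichever shell parses the redirection, not by the command being run. The `runner` function is a constructed stand-in for sudo (an assumption of this example) that changes the umask instead of the uid, so the difference shows up in the created file's mode without needing root; the helper names and temporary paths are hypothetical.

```shell
#!/bin/sh
# Added example. "runner" is a constructed stand-in for sudo: it changes a
# process attribute (umask instead of uid) and then execs the command, so the
# effect can be observed without root.
runner() { ( umask 077; exec "$@" ); }

# Permission string of a file, e.g. -rw-r--r--
mode_of() { ls -l "$1" | cut -c1-10; }

# Form from the message: the redirection is on the caller's command line, so
# the calling shell opens "$2" itself before runner is started.
caller_redirect() { runner cat "$1" > "$2"; }

# Redirection inside a shell that runner starts: the file is opened after
# runner has changed the process attributes.
inner_redirect() { runner sh -c 'cat "$1" > "$2"' sh "$1" "$2"; }

# No redirection to the target at all: tee, started by runner, opens it.
tee_write() { runner tee "$2" < "$1" > /dev/null; }

# When the caller cannot open the target, the command is never started.
# Succeeds if the marker file was not created.
never_started() {
    runner touch "$1/ran" 2>/dev/null > "$1/no-such-dir/out" || true
    [ ! -e "$1/ran" ]
}

demo() {
    d=$(mktemp -d) || return 1
    umask 022                       # the caller's umask
    echo data > "$d/src"            # constructed sample input
    caller_redirect "$d/src" "$d/a"
    inner_redirect  "$d/src" "$d/b"
    tee_write       "$d/src" "$d/c"
    echo "caller redirect: $(mode_of "$d/a")"
    echo "inner redirect:  $(mode_of "$d/b")"
    echo "tee:             $(mode_of "$d/c")"
    never_started "$d" && echo "failed redirect: command not run"
    rm -rf "$d"
}
demo
```

With real sudo the second and third forms correspond to `sudo sh -c 'cat /etc/termcap >/etc/foo'` and `cat /etc/termcap | sudo tee /etc/foo`, where the process that opens /etc/foo is the one sudo started.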
