From: Alex Zbyslaw
Date: Wed, 06 Feb 2008 17:19:09 +0000
To: Zbigniew Szalbot
Cc: freebsd-questions
Subject: Re: /usr/local/etc/rc.d/ scripts and non-root user

Zbigniew Szalbot wrote:

>I have never really understood the thing about setuids, gid and etc. :)
>I am not planning a restart so won't try it but I am pretty sure that
>logs are created by root unless the api is started manually. No big
>deal really but thanks for all the suggestions!
>

It's very simple really. When you run a program it always runs as the user who you are right now. So if you are zbigniew a program you execute runs as you. If you have su'ed or logged in as root, it runs as root.

In order to run the program, the user who you are must have the right permissions - i.e. they must have an x bit set. If the program file is owned by the same user as who you are, then you look at the first 3 permissions bits; otherwise if you are in the same group as the program file you look at the next three bits; everyone else looks at the last three bits. (Bits as in pieces, not as in 1/8th of a byte).

Some programs need to run as specific users or with a specific group. E.g. shutdown must run as root. You make the file owned by root and set the setuid bit. The permissions might then look like:

    root wheel r-s-r-x--- shutdown

The s replaces the x to show that the file is both executable by root and setuid. Both root and anyone in group wheel can now run shutdown, and the setuid bit says that *whoever* runs the program will run it as if they were root.

It's very similar for groups.

hth,

--Alex
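
The rules in the message above, worked through in Python as an added example (not part of the original message): which of the three permission groups applies to a caller, whether the x bit there allows execution, and which user the program runs as when the setuid bit is set. The uids, gids and the names alice and bob are constructed for illustration, and the superuser special case is a general Unix rule the message does not cover.

```python
import stat

def permission_class(file_uid, file_gid, uid, gids):
    """Pick the one triad that applies: owner first, else group, else other."""
    if uid == file_uid:
        return "owner"
    if file_gid in gids:
        return "group"
    return "other"

X_BIT = {"owner": stat.S_IXUSR, "group": stat.S_IXGRP, "other": stat.S_IXOTH}

def can_execute(mode, file_uid, file_gid, uid, gids):
    """True if the caller's own triad has its x bit set (no fall-through)."""
    if uid == 0:
        # Superuser rule (not covered in the message): any x bit is enough.
        return bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
    return bool(mode & X_BIT[permission_class(file_uid, file_gid, uid, gids)])

def ids_after_exec(mode, file_uid, file_gid, uid, gid):
    """Effective (uid, gid) of the new process, honouring setuid/setgid."""
    euid = file_uid if mode & stat.S_ISUID else uid
    egid = file_gid if mode & stat.S_ISGID else gid
    return euid, egid

def run_as(mode, file_uid, file_gid, uid, gid, gids):
    """Return (class, allowed, effective uid) for one caller and one file."""
    cls = permission_class(file_uid, file_gid, uid, gids)
    if not can_execute(mode, file_uid, file_gid, uid, gids):
        return cls, False, None
    return cls, True, ids_after_exec(mode, file_uid, file_gid, uid, gid)[0]

# Constructed sample: shutdown owned by root (uid 0), group wheel (gid 0 here),
# regular file, setuid, owner r-x, group r-x, other ---.
SHUTDOWN = stat.S_IFREG | 0o4550

if __name__ == "__main__":
    print(stat.filemode(SHUTDOWN))  # symbolic form as ls -l prints it
    # alice: uid 1001, primary gid 1001, also in wheel: group triad, runs as root
    print(run_as(SHUTDOWN, 0, 0, 1001, 1001, {1001, 0}))
    # bob: uid 1002, not in wheel: other triad, denied
    print(run_as(SHUTDOWN, 0, 0, 1002, 1002, {1002}))
    # An owner triad without x is not rescued by a group triad with x.
    print(run_as(stat.S_IFREG | 0o0070, 1001, 1001, 1001, 1001, {1001}))
```

The last case is the one that surprises people: the three groups of bits are alternatives, so a file's owner is judged by the owner bits alone.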