From owner-freebsd-questions Sat Nov 30 15:57:47 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4422F37B401 for ; Sat, 30 Nov 2002 15:57:46 -0800 (PST) Received: from smtp.infracaninophile.co.uk (ns0.infracaninophile.co.uk [81.2.69.218]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9236843EA9 for ; Sat, 30 Nov 2002 15:57:41 -0800 (PST) (envelope-from m.seaman@infracaninophile.co.uk) Received: from happy-idiot-talk.infracaninophile.co.uk (localhost.infracaninophile.co.uk [IPv6:::1]) by smtp.infracaninophile.co.uk (8.12.6/8.12.6) with ESMTP id gAUNvNOR049855 for ; Sat, 30 Nov 2002 23:57:23 GMT (envelope-from matthew@happy-idiot-talk.infracaninophile.co.uk) Received: (from matthew@localhost) by happy-idiot-talk.infracaninophile.co.uk (8.12.6/8.12.6/Submit) id gAUNvIwd049854 for questions@FreeBSD.ORG; Sat, 30 Nov 2002 23:57:18 GMT Date: Sat, 30 Nov 2002 23:57:18 +0000 From: Matthew Seaman To: questions@FreeBSD.ORG Subject: Re: login.conf problem Message-ID: <20021130235718.GB29160@happy-idiot-talk.infracaninophi> Mail-Followup-To: Matthew Seaman , questions@FreeBSD.ORG References: <3D9FE7F600007EA7@cpfe5.be.tisc.dk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3D9FE7F600007EA7@cpfe5.be.tisc.dk> User-Agent: Mutt/1.5.1i X-Spam-Status: No, hits=-3.0 required=5.0 tests=IN_REP_TO,QUOTED_EMAIL_TEXT,REFERENCES,SPAM_PHRASE_00_01, USER_AGENT,USER_AGENT_MUTT version=2.43 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Sat, Nov 30, 2002 at 08:41:31PM +0100, dslb@tiscali.dk wrote: > On 2002.11.30 18:24 Matthew Seaman wrote: > > Hmmm... How about if you actually login as test or use 'su -l test' > > rather than > > just using 'su test' ? > Jep, now it works! Thanks :-) > But that would say: If you program a daemon and root starts it, even though > it drops permissions with setreuid(), it still have the root ressource permissions....!?!?! Yes, quite. login.conf(5) is a configuration file for the login(1) program. Changing to a new UID by other means is not guarranteed to be within the scope of what it provides. > Sadly there is no easy way to drop ressource limits or is there? I know > you can use setrlimit(), but you would have to fill in all fields and thereby > not using the admins login.conf setup. See login_class(3) and login_cap(3). Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message