From owner-freebsd-arch@FreeBSD.ORG Thu May 28 04:48:19 2009 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4F8661065670; Thu, 28 May 2009 04:48:19 +0000 (UTC) (envelope-from kmsujit@gmail.com) Received: from mail-pz0-f105.google.com (mail-pz0-f105.google.com [209.85.222.105]) by mx1.freebsd.org (Postfix) with ESMTP id 1C4918FC14; Thu, 28 May 2009 04:48:18 +0000 (UTC) (envelope-from kmsujit@gmail.com) Received: by pzk3 with SMTP id 3so786942pzk.3 for ; Wed, 27 May 2009 21:48:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=wf+9L2LbKLtebMdLFKURaW5Wd28AE3mrwHc+zJ86lI8=; b=iO5oR1hNRdoUkXltBw7NDDZbrjDVRhZ1Tp4sNkZWSFKAy179Yu6VEYi1Sd7j6iH7Dg VFSOl+sFCI1fIz8viyhg303bIi5hpQCGpfPBARxagthHNb3vTnYlQ6Cj+ulzLZaA9UcZ 17JW1viXk/SokrgCkUURVjo9iHDVwW6NVxyro= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=Tn4j1SpT4seFeb+aYaOqGNRP+NrGaRRFYIY3IC2viRIrJJnp1cbg1OQ18+lNzAASa8 Frv5lN+gsC7IYzPGlRVcvX9zH5nz0v0iz+XurU9JO0KG4wwmxr+Afr/hgXyQep58mcqk GdPEmqXq6/V82VJHwsr+MgcwSdQuJTY7Ws5ro= MIME-Version: 1.0 Received: by 10.110.63.17 with SMTP id l17mr24266tia.36.1243486097835; Wed, 27 May 2009 21:48:17 -0700 (PDT) In-Reply-To: <74fe56020905272133r3f2ab491t962c6d0fe900e9d0@mail.gmail.com> References: <20090528000147.GB3704@isilon.com> <74fe56020905271931l4c8d4677h3bbcce6d8c8a8605@mail.gmail.com> <20090528024640.GC9388@isilon.com> <74fe56020905272039h6aed0724u38dbc25d0a1be6a7@mail.gmail.com> <20090528041236.GA14687@isilon.com> <74fe56020905272133r3f2ab491t962c6d0fe900e9d0@mail.gmail.com> Date: Thu, 28 May 2009 10:18:17 +0530 Message-ID: <74fe56020905272148q680cdc05tb572d576a4c3ff2b@mail.gmail.com> From: Sujit K M To: Zachary Loafman Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: steven.danneman@isilon.com, freebsd-arch@freebsd.org Subject: Re: pthread_setugid_np X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 May 2009 04:48:19 -0000 As per the Apple Documentation: In some cases it is helpful to impersonate the user, at least as far as the permissions checking done by the BSD subsystem of the kernel. A single-threaded daemon can do this using seteuid and setegid. These set the effective user and group ID of the process as a whole. This will cause problems if your daemon is using multiple threads to handle requests from different users. In that case you can set the effective user and group ID of a thread using pthread_setugid_np. This was introduced in Mac OS X 10.4. (AT) http://developer.apple.com/technotes/tn2005/tn2083.html I think this is a part of the BSD (Mach) subsystem.