In the main.c file, there is a comment saying that 'we need to open fifo before do_suid() and start the fifo server after all the socket are initialized, to inherit them'. I'm wondering why SER has to do it like that.
Can't SER lower its privileges first (do_suid), then open fifo and start the fifo server? The reason being that I want to run SER with an unprivileged user. With the current implementation, the fifo file will be created by root which is not accessible to anyone else. Unless I change the fifo_mode to 0666, which I don't want to, I can't make SER more secure and yet accessible.
I've tried moving do_suid() before init_fifo_server() and it compiled successfully. The server can run as ser:apache with fifo_mode set to 0660. That way, my Apache server can talk to SER, yet other users are limited from talking directly to SER via serctl. However, I would like to know the reason why it is implemented the way it is now. Maybe I'm not insightful enough to see the obvious reason.
Also, will unix_sock get something like unix_sock_mode in the future?
Zeus Ng
On Apr 28, 2004 at 01:03, Zeus Ng zeus.ng@isquare.com.au wrote:
> In the main.c file, there is a comment saying that 'we need to open fifo before do_suid() and start the fifo server after all the socket are initialized, to inherit them'. I'm wondering why SER has to do it like that.
You are using unstable (cvs HEAD branch). Since this is a moving target, you should send mails related to it to serdev@lists.iptel.org. serusers is about stable.
> Can't SER lower its privileges first (do_suid), then open fifo and start the fifo server? The reason being that I want to run SER with an unprivileged user. With the current implementation, the fifo file will be created by root which is not accessible to anyone else. Unless I change the fifo_mode to 0666, which I don't want to, I can't make SER more secure and yet accessible.
Check out the latest cvs (from yesterday). Paste from the NEWS file:
    sock_mode = <permissions> (e.g. sock_mode=0600: default value = 0660)
        ser unix sockets and fifo will be created with this permissions
        (old name fifo_mode is still supported, but deprecated)
    sock_user = username|"uid"
    sock_group = groupname|"gid"
        change the owner and/or group of the ser unix sockets or fifo
Short example config snippet:
    sock_mode=0600        # ser socket/fifo mode
    sock_user="www-data"  # ser socket/fifo owner
    sock_group=nogroup
    user=nobody           # ser user (ser will suid to it)
sock_* is a synonym for fifo_* (e.g. sock_mode=0600 will be applied both to fifo and unix sockets).
Andrei
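
The ordering discussed in this thread, as an added example that is not SER's own code (`make_ctl_fifo` and `drop_privs` are hypothetical names): the FIFO is created while the process is still privileged, handed to the configured owner and group, given its exact mode, and only then is root dropped.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* for setgroups() and mkdtemp() on glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a control FIFO as the sock_mode/sock_user/sock_group settings
 * describe. Pass (uid_t)-1 or (gid_t)-1 to leave owner or group as is.
 * Returns 0 on success, -1 on error (errno is set). */
int make_ctl_fifo(const char *path, mode_t mode, uid_t uid, gid_t gid)
{
    /* Start owner-only, so nobody else can open it before the chown. */
    if (mkfifo(path, 0600) < 0)
        return -1;               /* e.g. EEXIST: never touch a stale file */
    if ((uid != (uid_t)-1 || gid != (gid_t)-1) && chown(path, uid, gid) < 0)
        goto fail;
    /* mkfifo() is filtered by the umask, chmod() is not, so the final
     * mode is exactly the configured one (0660, not 0660 & ~umask). */
    if (chmod(path, mode & 0777) < 0)
        goto fail;
    return 0;
fail:
    unlink(path);
    return -1;
}

/* Drop root permanently to a non-root uid/gid. Order matters:
 * supplementary groups first, then gid, then uid. */
int drop_privs(uid_t uid, gid_t gid)
{
    if (setgroups(0, NULL) < 0 || setgid(gid) < 0 || setuid(uid) < 0)
        return -1;
    return setuid(0) == 0 ? -1 : 0;  /* regaining root must fail */
}
```

A daemon would call `make_ctl_fifo()` with the uid and gid of the web server account, open the FIFO, and then call `drop_privs()`; the descriptor stays usable after the privilege drop.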