DragonFly users List (threaded) for 2008-06
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
[
Date Index][
Thread Index]
Re: OT: setrlimit equivalent to prevent unlink or truncate
Johannes Hofmann wrote:
> Yes, the latter. In a program I want to exec another binary with
> limited privileges.
The traditional UNIX way is to exec that other binary as
an unprivileged user, e.g. "nobody". The problem is that
you must be root to call setuid() in the first place.
You can use sudo(8) or super(1) for that purpose.
Of course the problem could be solved in a much better
way with mandatory access control (MAC), which requires
appropriate support from the OS.
Best regards
Oliver
--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung:
secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün-
chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart
FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
[
Date Index][
Thread Index]