/usr/local/etc/rc.d/ scripts and non-root user

Alex Zbyslaw xfb52 at dial.pipex.com
Wed Feb 6 17:19:16 UTC 2008


Zbigniew Szalbot wrote:

>I have never really understood the thing about setuids, gid and etc. :)
>I am not planning a restart so won't try it but I am pretty sure that
>logs are created by root unless the api is started manually. No big
>deal really but thanks for all the suggestions!
>  
>
It's very simple really.  When you run a program it always runs as the 
user who you are right now.  So if you are zbigniew a program you 
execute runs as you.  If you have su'ed or logged in as root, it runs as 
root.

In order to run the program, the user who you are must have the right 
permissions - i.e. they must have an x bit set.  If the program file is 
owned by the same user as who you are, then you look at the first 3 
permissions bits; otherwise if you are in the same group as the program 
file you look at the next three bits; everyone else looks at the last 
three bits.  (Bits as in pieces, not as in 1/8th of a byte).

Some programs need to run as specific users or with a specific group.  
E.g. shutdown must run as root.  You make the file owned by root and set 
the setuid bit.  The permissions might then look like:

    root wheel  r-s-r-x--- shutdown

The s replaces the x to show that the file is both executable by root 
and setuid.

Both root and anyone in group wheel can now run shutdown, and the setuid 
bit says that *whoever* runs the program will run it as if they were root.

It's very similar for groups.

hth,

--Alex
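
The rules described in the message above, as an added example that is not part of the original post: it picks the one permission class that applies to a caller and reports which uid/gid the program would run with. The ids, the `WHEEL_MEMBER` and `ZBIGNIEW` accounts, the function names and the mode 4550 (setuid, root and wheel may execute) are constructed assumptions; the root special case in the comment is not covered in the post.

```python
import stat

def pick_triad(mode, f_uid, f_gid, uid, groups):
    """Return (class_name, rwx_bits) for the single class that applies.

    The first match wins: an owner never falls through to the group or
    other bits, even when those would grant more.
    """
    if uid == f_uid:
        return "owner", (mode >> 6) & 0o7
    if f_gid in groups:
        return "group", (mode >> 3) & 0o7
    return "other", mode & 0o7

def exec_identity(mode, f_uid, f_gid, uid, gid, groups):
    """Return (euid, egid) the program would run with, or None if denied."""
    if uid == 0:
        # Not covered in the post: root may execute when any x bit is set.
        allowed = bool(mode & 0o111)
    else:
        allowed = bool(pick_triad(mode, f_uid, f_gid, uid, groups)[1] & 0o1)
    if not allowed:
        return None
    euid = f_uid if mode & stat.S_ISUID else uid   # setuid: run as file owner
    egid = f_gid if mode & stat.S_ISGID else gid   # setgid: run with file group
    return euid, egid

# Constructed sample data: uid 0 = root, gid 0 = wheel, other ids invented.
SHUTDOWN = stat.S_IFREG | 0o4550   # setuid, owner r-x, group r-x, other ---
WHEEL_MEMBER = dict(uid=1002, gid=1002, groups={1002, 0})
ZBIGNIEW = dict(uid=1001, gid=1001, groups={1001})   # not in wheel

if __name__ == "__main__":
    print(stat.filemode(SHUTDOWN))
    print("wheel member:", exec_identity(SHUTDOWN, 0, 0, **WHEEL_MEMBER))
    print("zbigniew:", exec_identity(SHUTDOWN, 0, 0, **ZBIGNIEW))
    # Owner without x is denied even though the group bits are rwx.
    print("owner locked out:", exec_identity(0o0070, 1001, 1001, **ZBIGNIEW))
```

On a live system the same setuid bit is what `find / -perm -4000 -type f` lists, which is the usual starting point for reviewing which programs run with their owner's privileges.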


