Thank you for the reply. So, seteuid/gid isn't enough to gain group access as for the real uid. But how can I achieve this? What functions should I call from 'theprog' to gain access for the groups the euid user belongs to?

Maybe I am solving the problem the wrong way? The full problem is:

There is a file owned by group filegroup:
    rw-rw---- someone:filegroup thefile

There is the program's data owned by group proggroup:
    rw-rw---- someone2:proggroup progdata

I need a program (theprog) that can access 'thefile' and 'progdata' simultaneously. The program can be executed by anyone.

My idea was to seteuid theprog to a user who is a member of one group (filegroup) and setegid theprog to another group (proggroup). In that way I was going to give theprog rights to work with both files.

P.S. I don't want to use file ACLs.

Saturday, November 28, 2009, 9:28:03 PM, you wrote:

>> Hello,
>>
>> I face some misunderstood situation related to the access permissions.
>>
>> There is a program (script) with the suid/sgid (mode 6555):
>>
>> r-sr-sr-x fuser:proggroup theprog
>>
>> There is a file:
>> rw-rw---- someone:filegroup thefile
>>
>> User 'fuser' (==program euid) has primary group 'filegroup' (==group
>> who can read/write thefile).
>>
>> The program tries to read (write) thefile and fails with permissions.
>>
>> I don't fully understand why.

CR> There is no bug; when you use the suid/sgid facility, the program
CR> gains the effective user ID and/or the effective GID of the executable.
CR> It does *not* gain any gids which the effective user is added to at
CR> login.

CR> man seteuid for more info.

CR> In what you have shown, theprog has neither the same user (fuser vs.
CR> someone) nor the same group (proggroup vs. filegroup) as the file you
CR> want it to modify.

CR> For what you want to do to work correctly, you would need to either
CR> make theprog's ownership be:

CR> anyuser:filegroup
CR> or
CR> fuser:proggroup

CR> -- Clifton

--
Best regards,
 Anthony mailto:a...@mail.ru
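
The following is an added example, not part of the original thread: a small C model of the classic owner/group/other check that Clifton's reply describes, showing why the effective uid of fuser does not bring fuser's login groups with it. The numeric ids in the test cases are constructed, and the model assumes no root bypass and no ACLs; `may_access` and `check_path` are hypothetical helper names.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

/* Classic Unix owner/group/other check (root bypass and ACLs ignored).
 * groups[] is the process's supplementary group list, which a setuid/setgid
 * exec leaves as the invoking user's list. want is 4 (read) and/or 2 (write).
 * Returns 1 if access would be granted, 0 otherwise. */
int may_access(uid_t euid, gid_t egid, const gid_t *groups, int ngroups,
               uid_t f_uid, gid_t f_gid, mode_t f_mode, int want)
{
    int in_group = (egid == f_gid);
    for (int i = 0; i < ngroups && !in_group; i++)
        in_group = (groups[i] == f_gid);

    int bits;
    if (euid == f_uid)
        bits = (f_mode >> 6) & 7;   /* owner class, used exclusively */
    else if (in_group)
        bits = (f_mode >> 3) & 7;   /* group class */
    else
        bits = f_mode & 7;          /* other class */
    return (bits & want) == want;
}

/* Apply the same check to the calling process and a real path.
 * Returns 1/0 as above, or -1 if the ids or the file cannot be read. */
int check_path(const char *path, int want)
{
    struct stat st;
    gid_t groups[1024];
    int n = getgroups(1024, groups);
    if (n < 0 || stat(path, &st) != 0)
        return -1;
    return may_access(geteuid(), getegid(), groups, n,
                      st.st_uid, st.st_gid, st.st_mode, want);
}

int main(int argc, char **argv)
{
    printf("ruid=%d euid=%d rgid=%d egid=%d\n",
           (int)getuid(), (int)geteuid(), (int)getgid(), (int)getegid());
    if (argc > 1)
        printf("%s read+write: %d\n", argv[1], check_path(argv[1], 6));
    return 0;
}
```

Built and installed with the same owner and mode as theprog, it prints the ids the kernel actually checks and whether the named file would be readable and writable under them.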