privileges::drop(3pm) [debian man page]

Privileges::Drop(3pm)					User Contributed Perl Documentation				     Privileges::Drop(3pm)

NAME
Privileges::Drop - A module to make it simple to drop all privileges, even POSIX groups.

DESCRIPTION
This module tries to simplify the process of dropping privileges. This can be useful when your Perl program needs to bind to privileged ports, etc. This module is much like Proc::UID, except that it's implemented in pure Perl. Special care has been taken to also drop the saved uid on platforms that support this; currently only tested on Linux.

SYNOPSIS
    use Privileges::Drop;

    # Do privileged stuff

    # Drops privileges and sets euid/uid to 1000 and egid/gid to 1000.
    drop_uidgid(1000, 1000);

    # Drop privileges to user nobody looking up gid and uid with getpwnam
    # This also sets the environment variables USER, LOGNAME, HOME and SHELL.
    drop_privileges('nobody');

METHODS
drop_uidgid($uid, $gid, @groups)
    Drops privileges and sets euid/uid to $uid and egid/gid to $gid. Supplementary groups can be set in @groups.

drop_privileges($user)
    Drops privileges to the $user, looking up gid and uid with getpwnam and calling drop_uidgid() with these arguments. The environment variables USER, LOGNAME, HOME and SHELL are also set to the values returned by getpwnam. Returns the $uid and $gid on success and dies on error.

    NOTE: If drop_privileges() is called when you don't have root privileges it will just return undef.

NOTES
As this module only uses Perl's built-in functions, it relies on them to work correctly. That means setting $GID and $EGID should also call setgroups(), something that might not have been the case before Perl 5.004. So if you are running an older version, Proc::UID might be a better choice.

AUTHOR
Troels Liebe Bentsen <tlb@rapanden.dk>

COPYRIGHT
Copyright(C) 2007-2009 Troels Liebe Bentsen

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

perl v5.14.2				2012-03-10				Privileges::Drop(3pm)
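
EXAMPLE (added; not part of the module's own documentation)
The following sketch shows the bind-then-drop pattern from the DESCRIPTION, handles the undef return described in the NOTE under drop_privileges(), and verifies that the drop cannot be reversed. The account name 'nobody' and port 80 are assumptions chosen for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::INET;
use Privileges::Drop;

my $user = 'nobody';   # assumption: unprivileged account to run as
my $port = 80;         # assumption: privileged port needed at startup

# Privileged step: bind while still root.
my $listener = IO::Socket::INET->new(
    LocalPort => $port, Listen => 5, ReuseAddr => 1,
) or die "bind to port $port failed: $!\n";

# drop_privileges() dies on error but returns undef when not root;
# treat that as fatal so the service never runs with unexpected IDs.
my ($uid, $gid) = drop_privileges($user);
defined $uid or die "not running as root, nothing was dropped\n";

# Check 1: real and effective IDs match the target account.
# $( and $) are space-separated lists whose first field is the gid.
my ($rgid) = split ' ', $(;
my ($egid, @supp) = split ' ', $);
die "uid not dropped\n" unless $< == $uid && $> == $uid;
die "gid not dropped\n" unless $rgid == $gid && $egid == $gid;

# Check 2: no supplementary group other than the target gid is left.
my @extra = grep { $_ != $gid } @supp;
die "leftover supplementary groups: @extra\n" if @extra;

# Check 3: the saved uid is gone, so root cannot be regained.
# Assigning to $> and $< attempts seteuid/setuid; both must fail now.
$> = 0;
$< = 0;
die "root can still be regained\n" if $> == 0 || $< == 0;

# Only now start handling untrusted input.
while (my $client = $listener->accept) {
    print {$client} "served by uid $>\n";
    close $client;
}
```

The three checks run before any client data is read, so a failed or partial drop stops the program instead of leaving a root-capable process exposed to the network.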

setuid(2)							System Calls Manual							 setuid(2)

NAME
setuid(), setgid() - set user and group IDs

SYNOPSIS

DESCRIPTION
setuid() sets the real-user-ID (ruid), effective-user-ID (euid), and/or saved-user-ID (suid) of the calling process. If the Security Containment product is installed, these interfaces treat a process observing as a privileged process. Otherwise, only processes with an euid of zero are treated as privileged processes. See privileges(5) for more information on Security Containment and fine-grained privileges.

The following conditions govern setuid's behavior:

    o  If the process is privileged, setuid() sets the ruid, euid, and suid to uid.

    o  If the process is not privileged and the argument uid is equal to the ruid or the suid, setuid() sets the euid to uid; the ruid and suid remain unchanged. (If a set-user-ID program is not running as superuser, it can change its euid to match its ruid and reset itself to the previous euid value.)

    o  If the process is not privileged, the argument uid is equal to the euid, and the calling process has the privilege, setuid() sets the ruid to uid; the euid and suid remain unchanged.

setgid() sets the real-group-ID (rgid), effective-group-ID (egid), and/or saved-group-ID (sgid) of the calling process.

The following conditions govern setgid's behavior:

    o  If the process is privileged, setgid() sets the rgid and egid to gid.

    o  If the process is not privileged and the argument gid is equal to the rgid or the sgid, setgid() sets the egid to gid; the rgid and sgid remain unchanged.

    o  If the process is not privileged, the argument gid is equal to the egid, and the calling process has the privilege, setgid() sets the rgid to gid; the egid and sgid remain unchanged.

Security Restrictions
    Some or all of the actions associated with this system call require the privilege. Processes owned by the superuser have this privilege. Processes owned by other users may have this privilege, depending on system configuration. See privileges(5) for more information about privileged access on systems that support fine-grained privileges.

RETURN VALUE
Upon successful completion, setuid() and setgid() return 0; otherwise, they return -1 and set errno to indicate the error.

ERRORS
setuid() and setgid() fail and return -1 if any of the following conditions are encountered:

    o  None of the conditions above are met.

    o  uid (gid) is not a valid user (group) ID.

WARNINGS
It is recommended that the capability be avoided, as it is provided for backward compatibility. This feature may be modified or dropped from future HP-UX releases. When changing the real user ID and real group ID, use of and (see setresuid(2)) is recommended instead.

AUTHOR
was developed by AT&T, the University of California, Berkeley, and HP. was developed by AT&T.

SEE ALSO
exec(2), getuid(2), setresuid(2), privileges(5).

STANDARDS CONFORMANCE
setuid(2)