Aunc.1681
net.unix-wizards
utzoo!decvax!duke!unc!smb
Sat Jan 9 00:30:13 1982
Swapping userids

The simplest scheme I've heard of is the "schizo" system call, which swaps the real and effective uids and gids. That allows a process to resume the original permissions, open a file, and then regain its privileged status.

A separate question is what to do when a setuid program wants to run another setuid program, especially mkdir. 4BSD (and I think some other flavors of UNIX) allow setuid(geteuid()); that permits a child process to assume the appropriate permissions before execing to the second setuid program. A typical case would be Version B netnews needing to create a subdirectory of a protected directory owned by 'news'.

An idea I've heard, and which doesn't have any obvious flaws (to me, at least -- but my mind isn't as twisty as some folks'), is to set the real uid to the old effective uid when execing a setuid program; in effect, that permits automatic and unlimited stacking of permissions. But that doesn't answer Lauren's original question.

-----------------------------------------------------------------
gopher://quux.org/ conversion by John Goerzen
of http://communication.ucsd.edu/A-News/

This Usenet Oldnews Archive article may be copied and distributed freely, provided:

1. There is no money collected for the text(s) of the articles.

2. The following notice remains appended to each copy:

The Usenet Oldnews Archive: Compilation Copyright (C) 1981, 1996 Bruce Jones, Henry Spencer, David Wiseman.
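
The swap described in the article above, as an added example that is not part of the original post: it approximates the "schizo" call with the POSIX `setreuid()`/`setregid()` calls to open a file under the invoking user's permissions and then regain the privileged ids. The names `swap_uid`, `swap_gid` and `open_as_invoker` are hypothetical, and the code assumes it runs as a setuid/setgid program (when run unprivileged the swaps are no-ops).

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700            /* exposes setreuid()/setregid() */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helpers: exchange real and effective ids, as "schizo" would. */
static int swap_gid(void) { return setregid(getegid(), getgid()); }
static int swap_uid(void) { return setreuid(geteuid(), getuid()); }

/* Open `path` with the invoking user's permissions, then regain privilege.
 * Returns a descriptor, or -1 with errno set by the failing call. */
int open_as_invoker(const char *path, int flags)
{
    uid_t priv_uid = geteuid();
    gid_t priv_gid = getegid();
    int fd, saved;

    /* Drop the group first, while the privileged euid is still in force. */
    if (swap_gid() != 0)
        return -1;
    if (swap_uid() != 0) {
        saved = errno;
        if (swap_gid() != 0)
            abort();                 /* never continue half-switched */
        errno = saved;
        return -1;
    }

    fd = open(path, flags);          /* access check uses the invoker's ids */
    saved = errno;

    /* Regain in the reverse order and verify the result. */
    if (swap_uid() != 0 || swap_gid() != 0)
        abort();
    if (geteuid() != priv_uid || getegid() != priv_gid)
        abort();

    errno = saved;
    return fd;
}

int main(int argc, char **argv)
{
    int fd = open_as_invoker(argc > 1 ? argv[1] : "/dev/null", O_RDONLY);
    printf("fd=%d ruid=%d euid=%d\n", fd, (int)getuid(), (int)geteuid());
    return fd < 0;
}
```

During the open the privileged id sits in the real uid slot, so any code running in the process can swap it back; the pattern makes file access checks use the invoker's identity and is not a permanent drop of privilege.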