filepro and file permissions
Fairlight
fairlite at fairlite.com
Fri Apr 27 15:54:27 PDT 2007
Y'all catch dis heeyah? Bob Stockler been jivin' 'bout like:
>
> ISFAIK, filePro programs are SUID (set user ID) the user "filepro"
> (or whomever is the owner of the filePro binary).
>
> A user using them on UNIX will execute them with the EUID (effective
> user ID) of the user "filepro".
>
> A user using them on later versions of Linux will execute them with
> the EUID of that user.
For clarity's sake, with all respect, no, it runs with the original user's
UID, the EUID is entirely dropped by bash2.
> I don't know if that "security feature" can be turned off or not, so
> I used "sudo" on Linux, to have permitted users execute the filePro
> programs as the user "filepro".
>From the manual page:
"If the shell is started with the effective user (group) id
not equal to the real user (group) id, and the -p option
is not supplied, no startup files are read, shell func
tions are not inherited from the environment, the SHEL
LOPTS variable, if it appears in the environment, is
ignored, and the effective user id is set to the real user
id. If the -p option is supplied at invocation, the
startup behavior is the same, but the effective user id is
not reset."
But since it's being called by system(2) via fP's SYSTEM() command, you'd
need to recompile glibc to get to use that option--not something I'd
recommend.
mark->
--
print("Content-Type: person/now-desceased\n\n");
# The only good MIME is a dead MIME.
More information about the Filepro-list
mailing list