What the heck (changing process uid question)

joevandyk · November 23, 2005, 1:25am

My problem: When I fork a new process and set the UID of that process
and want to create a log file that I redirect output into, I’m having
difficulties getting the log file to be owned by the correct person.

Below is a code snippet that demonstrates my problem.

require ‘ftools’

fail “run this as root please” if Process.uid != 0
fail “usage: ruby #{ FILE } <directory” if ARGV.size != 2

uid = ARGV.shift.to_i
dir = ARGV.shift

puts “uid is #{ Process.uid }”

puts “changing uid to #{ uid }”
Process.uid = uid

puts “uid is now #{ Process.uid }”

File.makedirs dir

puts “Hopefully <#{ dir }> was created by uid <#{ uid }>”

raise “why the heck don’t I own this?” if !File.owned? dir

When I run this on my linux box, I get:
crabbe@~$ id
uid=7258(mz652c) gid=20(games) groups=20(games)

crabbe@~$ sudo ruby a.rb 7258 asdf
uid is 0
changing uid to 7258
uid is now 7258
Hopefully was created by uid <7258>
a.rb:20: why the heck don’t I own this? (RuntimeError)

crabbe@~$ ls -ld asdf
drwxr-xr-x 2 4294967294 4294967294 9 Nov 22 16:23 asdf

joevandyk · November 23, 2005, 1:46am

On Wed, 23 Nov 2005, Joe Van D. wrote:

My problem: When I fork a new process and set the UID of that process and
want to create a log file that I redirect output into, I’m having
difficulties getting the log file to be owned by the correct person.

afaik this isn’t possible from within a ruby, or any script. setuid
programs
are gaurded pretty heavily by the kernel. i worked on this for some
time at
one point and this was the only way it was possible at the time:

http://codeforpeople.com/lib/ruby/setuidruby/

let me know if you figure out another method. the bottom line is that
setuid
program must be binary.

enjoy.

-a

joevandyk · November 23, 2005, 1:58am

Joe Van D. wrote:

My problem: When I fork a new process and set the UID of that process
and want to create a log file that I redirect output into, I’m having
difficulties getting the log file to be owned by the correct person.

Process.uid = uid

You want to change effective id, not real id:

Process.euid = uid

joevandyk · November 23, 2005, 2:10am

On 11/22/05, Bob S. [email protected] wrote:

Joe Van D. wrote:

My problem: When I fork a new process and set the UID of that process
and want to create a log file that I redirect output into, I’m having
difficulties getting the log file to be owned by the correct person.

Process.uid = uid

You want to change effective id, not real id:

Process.euid = uid

Very nice, thank you.