Why do many servers change their uid and gid, and what is the point?

I see this logic in many open source projects:

    /* only root can switch identity, so the check is on the effective uid */
    if (geteuid() == 0) {
        if (setgid(ccf->group) == -1) {
            ...
        }

        if (initgroups(ccf->username, ccf->group) == -1) {
            ...

I have 2 questions about this:

  • Why is it recommended to change to another gid and uid?
  • And what is initgroups() for? IMO, setuid() and setgid() should be enough to change the gid and uid.
+6
3 answers

In most cases system daemons are started by init scripts and therefore run as root. The calls to setuid() and setgid() let them give up superuser privileges and take on the identity of another user on the system (usually far less powerful than root). Bugs and security holes then become much less dangerous for the system.

As for the second part of your question, initgroups() is called to reinitialize the supplementary group access list and add ccf->group to the list of groups that ccf->username belongs to. This is presumably because a setgid() call alone is not enough for the access rights associated with the new group to extend to the process.

+4

Generally, administrative permission is required to bind to ports 1023 and below. (There are other reasons to run as an administrator, but that is a major one.) But here's the thing: you can start as an administrator, bind the socket, and then drop down to an ordinary user.

Now why would you want to be an ordinary user? Well, if you run with the minimum set of permissions and your program is compromised, the damage is contained.

+2

On some operating systems setgid() also adds supplementary groups. Calling initgroups() before setgid() is thus ineffective.

0
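The three answers above describe one procedure: bind the privileged port while still root, then give up root in the right order (primary group, supplementary groups, and only then the uid, as in the snippet from the question), and make sure the drop actually took. The program below is an added example written for this page, not code from nginx or from any of the posters. The account name "nobody", the service port 80, and the helper names bind_listener(), privileges_match() and drop_privileges() are all assumptions chosen for the illustration.

```c
/* privdrop.c: bind a privileged port as root, then drop to an unprivileged
 * user in the order setgid() -> initgroups() -> setuid() and verify it.
 * Added example; "nobody" and port 80 below are assumptions. */
#define _DEFAULT_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <grp.h>
#include <netinet/in.h>
#include <pwd.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a TCP listener bound to `port` on all IPv4 interfaces.
 * Ports 1..1023 need root (or CAP_NET_BIND_SERVICE on Linux), which is why
 * this must happen before privileges are dropped. Port 0 asks the kernel
 * for an ephemeral port, which any user may do.
 * Returns the listening fd, or -1 with errno set. */
int bind_listener(uint16_t port)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd == -1)
        return -1;

    int one = 1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);

    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons(port);

    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) == -1 || listen(fd, 16) == -1) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

/* Check that both the real and effective ids now equal uid/gid and, for a
 * non-root target, that root cannot be regained. A classic mistake is
 * seteuid() instead of setuid(), which leaves the saved uid at 0 and lets
 * setuid(0) succeed again. Returns 0 if all checks pass, -1 otherwise. */
int privileges_match(uid_t uid, gid_t gid)
{
    if (getuid() != uid || geteuid() != uid)
        return -1;
    if (getgid() != gid || getegid() != gid)
        return -1;
    if (uid != 0 && setuid(0) != -1)
        return -1;              /* must fail with EPERM after a real drop */
    return 0;
}

/* Drop from root to `name`/uid/gid.
 *   1. setgid()     primary group; the process is still root afterwards
 *   2. initgroups() supplementary groups; needs root because it calls setgroups()
 *   3. setuid()     last: once the uid is non-zero, steps 1 and 2 are no longer allowed
 * Refuses uid 0, since "dropping" to root would silently keep full privilege.
 * Returns 0 on success, -1 (errno set) on failure. */
int drop_privileges(const char *name, uid_t uid, gid_t gid)
{
    if (uid == 0) {
        errno = EINVAL;
        return -1;
    }
    if (setgid(gid) == -1)
        return -1;
    if (initgroups(name, gid) == -1)
        return -1;
    if (setuid(uid) == -1)
        return -1;
    return privileges_match(uid, gid);
}

int main(void)
{
    const char *user = "nobody";        /* assumed unprivileged account */
    int fd = bind_listener(80);         /* assumed service port; needs root */
    if (fd == -1) {
        perror("bind_listener(80)");
        return 1;
    }

    struct passwd *pw = getpwnam(user);
    if (pw == NULL) {
        fprintf(stderr, "no such user: %s\n", user);
        return 1;
    }
    if (drop_privileges(user, pw->pw_uid, pw->pw_gid) == -1) {
        perror("drop_privileges");
        return 1;
    }
    printf("listening on fd %d as uid %u gid %u; setuid(0) now fails\n",
           fd, (unsigned)getuid(), (unsigned)getgid());
    close(fd);
    return 0;
}
```

Run it as root (for example `sudo ./privdrop`); as an ordinary user it stops at the bind with EACCES, which is the point of the second answer. The final setuid(0) probe in privileges_match() is what turns "we called setuid()" into "we cannot get root back": on Linux, setuid() called by root sets the real, effective and saved uids together, but a daemon that uses seteuid() or forgets the saved uid will fail that probe.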

Source: https://habr.com/ru/post/889671/
