So, I have a root process (running as root), and I want it to load another process using a non-root uid.
At the moment, I call seteuid and setegid , and then reconfigures to root after the process has been created. I found that the process is still loading using uid root. What should I use for this?
Java Code (JNA):
public boolean loadVHost(String java, File sockfile) throws IOException { if (CLib.INSTANCE.setegid(suid) != 0) { log("setegid C call failed! @ " + id); return false; } if (CLib.INSTANCE.seteuid(suid) != 0) { log("seteuid C call failed! @ " + id); return false; } if (CLib.INSTANCE.getegid() != suid || CLib.INSTANCE.geteuid() != suid) { log("geteuid/egid C call returned unwanted value! @ " + id + " (returned " + CLib.INSTANCE.getuid() + ":" + CLib.INSTANCE.getgid() + ")"); return false; } File hp = new File(homepath); hp.mkdirs(); File avuna = new File(hp, "avuna.jar"); File main = new File(hp, "main.cfg"); // TODO: add linux user-based RAM/HDD/bandwidth caps File hosts = new File(hp, "hosts.cfg"); if (!avuna.exists() || !main.exists() || !hosts.exists()) { log("VHost corrupted, avuna.jar/main.cfg/hosts.cfg is missing! Reinstalling..."); // if (createVHost(java, sockfile.getAbsolutePath())) { // log("Reinstallation completed, vhost loading..."); // }else { // log("Reinstallation failed, vhost NOT loading."); // return false; // } } ProcessBuilder builder = new ProcessBuilder(java, "-Xmx" + maxram + "M", "-Xms16M", "-jar", avuna.getAbsolutePath(), main.getAbsolutePath()); // TODO: if we want to be able to pass std input/output/err, this would be the place builder.redirectErrorStream(true); this.process = builder.start(); if (CLib.INSTANCE.seteuid(0) != 0) { log("[CRITICAL] setuid C call failed! @ " + id + ", the VHost was loaded, but we were NOT able to re-escalate!"); return false; } if (CLib.INSTANCE.setegid(0) != 0) { log("[CRITICAL] setgid C call failed! @ " + id + ", the VHost was loaded, but we were NOT able to re-escalate!"); return false; } return true; }
source share