Re: root permissions for user processes?


Simon Bennett (simonb++at++wormald.com.au)
Mon, 23 Feb 1998 08:43:04 +1010 (EST)


On Fri, 20 Feb 1998, Jean Daigle wrote:
> On Feb 20, 12:44pm, Oskar von Bohuszewicz wrote:
> } Subject: root permissions for user processes?
> ...
> } I want to increase the performance of a DIVISION-application by running
> } the performer stuff with root permissions (allowing high priority,
> } processor locking etc.).
> ...
> } chmod a+s and chmod a+t let the process run with the permissions of the
> } owner of the binary instead of with those of the actual user, but this does
> } NOT work if the owner is root.
> ...
> }-- End of excerpt from Oskar von Bohuszewicz
>
> Setting the suid-bit does work for us.

It's probably the case that you've got nosuidshells set to 0 in
/var/sysgen/mtune/kernel. Oskar probably has it set to 1.

This prevents a process with owner id 0 (root) from running if
stdout and stdin are connected to a terminal - the idea being not to let
people write "shell like" applications as root - from which they can run
any process they like.

Oskar, check the /var/sysgen/mtune/kernel file and search for nosuidshells.
The active command is the one without the '*' comment at the front of the
line.

> The following steps are performed (with Performer 1.2, 2.0.x, 2.1):
> su -
> chown root.sys <visual binary>
> chmod 4555 <visual binary>
>
> This _does_ allow non-degrading priorities to be set, and processors
> to be isolated, restricted, etc. It hasn't been necessary to set
> the "t" bit.
>
> There are some side effects if you are reading data from NFS-mounted
> filesystems where the root privileges may not commute, but the
> performance enhancements work.
>
>
> Regards,
> Jean Daigle.
>
> --------------------------------------------------------------------
> | Jean Daigle ATS Aerospace Inc. |
> | Manager, 1250 Boul Marie-Victorin |
> | Real Time Graphics & Entertainment St. Bruno, QC J3V 6B8 |
> | Tel: (514) 441-9000 |
> | Jean.Daigle++at++ATSaerospace.com Fax: (514) 441-6789 |
> --------------------------------------------------------------------
> =======================================================================
> List Archives, FAQ, FTP: http://www.sgi.com/Technology/Performer/
> Submissions: info-performer++at++sgi.com
> Admin. requests: info-performer-request++at++sgi.com
>

+----------------------------------------------------------------------------+
  Simon Bennett simonb++at++wormald.com.au
  Wormald Technology Advanced Systems Engineering Ph: +61 2 9981 0669

                "Good judgement is the result of experience.
                 Experience is the result of poor judgement"

=======================================================================
List Archives, FAQ, FTP: http://www.sgi.com/Technology/Performer/
            Submissions: info-performer++at++sgi.com
        Admin. requests: info-performer-request++at++sgi.com
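
An added example, not part of the original thread or of Performer: a binary installed setuid root as described above (chown root, chmod 4555) can confine root to the scheduling setup and then return permanently to the invoking user. The function names are hypothetical, and `setpriority()` is a portable stand-in for the non-degrading priority and processor isolation calls, which the thread does not show.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <unistd.h>

/* Privileged setup step. Returns 0 if the priority was raised, 1 if the
 * kernel refused (binary not running with root), -1 on any other error. */
int raise_priority(int nice_value)
{
    if (setpriority(PRIO_PROCESS, 0, nice_value) == 0)
        return 0;
    return (errno == EACCES || errno == EPERM) ? 1 : -1;
}

/* Permanently return to the invoking user's ids. Returns 0 on success. */
int drop_privileges(void)
{
    uid_t ruid = getuid();   /* real uid: the user who started the binary */
    gid_t rgid = getgid();

    if (setgid(rgid) != 0)   /* group first, while still privileged */
        return -1;
    if (setuid(ruid) != 0)   /* with euid 0 this also resets the saved uid */
        return -1;
    /* Verify: a non-root user must not be able to get root back. */
    if (ruid != 0 && setuid(0) == 0)
        return -1;
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    return 0;
}

int main(void)
{
    int rc = raise_priority(-10);   /* constructed value for illustration */
    if (rc != 0)
        fprintf(stderr, "priority not raised (rc=%d), continuing\n", rc);
    if (drop_privileges() != 0) {
        fprintf(stderr, "could not drop privileges, refusing to run\n");
        return 1;
    }
    printf("running as uid %d\n", (int)getuid());
    /* ... load data and render here, as the invoking user ... */
    return 0;
}
```

Because the drop happens before any file is opened, data is read with the invoking user's permissions rather than root's.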



This archive was generated by hypermail 2.0b2 on Mon Aug 10 1998 - 17:56:50 PDT

This message has been cleansed for anti-spam protection. Replace '++at++' in any mail addresses with the '@' symbol.