From owner-freebsd-questions  Sat Nov 30 11:41:36 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3E5AC37B401
	for <questions@freebsd.org>; Sat, 30 Nov 2002 11:41:35 -0800 (PST)
Received: from smtp040.tiscali.dk (smtp040.tiscali.dk [212.54.64.106])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 448E143EC5
	for <questions@freebsd.org>; Sat, 30 Nov 2002 11:41:34 -0800 (PST)
	(envelope-from dslb@tiscali.dk)
Received: from cpmail.dk.tiscali.com ([212.54.64.52])
	by smtp040.tiscali.dk (8.12.5/8.12.5) with ESMTP id gAUJbLRG023884
	for <questions@freebsd.org>; Sat, 30 Nov 2002 20:37:21 +0100 (MET)
Received: from [213.237.112.252] by cpmail.dk.tiscali.com with HTTP; Sat, 30 Nov 2002 20:41:31 +0100
Date: Sat, 30 Nov 2002 20:41:31 +0100
Message-ID: <3D9FE7F600007EA7@cpfe5.be.tisc.dk>
From: dslb@tiscali.dk
Subject: Re: login.conf problem
To: questions@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-15"
Content-Transfer-Encoding: quoted-printable
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On 2002.11.30 18:24 Matthew Seaman wrote:
> Hmmm... How about if you actually login as test or use 'su -l test'
> rather than
> just using 'su test' ?  As the su(1) man page says:
> 
> 
> 
> Resource limits
>      and session priority applicable to the original user's login
> class (See
>      login.conf(5)) are also normally retained unless the target
> login has a
>      user ID of 0.
> 
>  [...]
> 
> 
>      -l      Simulate a full login.  The environment is discarded
> except for
>              HOME, SHELL, PATH, TERM, and USER.  HOME and SHELL are
> modified
>              as above.  USER is set to the target login.  PATH is
> set to
>              ``/bin:/usr/bin''.  TERM is imported from your current
> environ-
>              ment.  Environment variables may be set or overridden
> from the
>              login class capabilities database according to the
> class of the
>              target login.  The invoked shell is the target login's,
> and su
>              will change directory to the target login's home
> directory.
>              Resource limits and session priority are modified to
> that for the
>              target account's login class.

Jep, now it works! Thanks :-)
But that would say: If you program a daemon and root starts it, even thou=
gh
it drops permissions with setreuid(), it still have the root ressource pe=
rmissions....!?!?!
Sadly there is no easy way to drop ressource limits or is there? I know
you can use setrlimit(), but you would have to fill in all fields and the=
reby
not using the admins login.conf setup.

br
socketd


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message