
Change UID/GID only of one thread in Linux

Is there a way to change UID/GID only of one thread in a multithreaded process?

The reason for this is writing a file-serving application - the ACLs and quota are not enforced unless the uid/gid of the caller is set to the correct user, new files/directories are not created with correct uid/gid etc.

The network applications can usually fork() themselves at the beginning and process each user request in separate process. If there is a need for shared data, it must go through some kind of shared memory. However, e.g. the FUSE (Linux user filesystem) by default uses multithreading and in conjunction with Python bindings it wouldn't be practical to try to use a forking model.

The 'consistent' UID for a whole process seems to be according to the POSIX standard, however old Linuxes didn't follow POSIX and allowed different uids for different threads. The new kernels seem to follow POSIX, is there some way to allow the old 'broken' behaviour?

ondra asked Aug 03 '09 17:08




2 Answers

To change the uid only for one thread you need to use the syscall directly: syscall(SYS_setresuid, ...); The libc function setresuid() will synchronize it for all threads (using a signal which it sends to all threads)!

asn answered Sep 28 '22 19:09


The Linux-specific setfsuid() / setfsgid() are per-thread rather than per-process. They're designed specifically for this use case (file server).

Note that access() will still check access using the real uid and gid - that is by design (it is intended to answer the question "should the user who ran this binary have the given access to this file"). For the setfsuid() / setfsgid() case you should just try the requested operation and detect failure due to lack of permission at that point.

caf answered Sep 28 '22 19:09
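
The approach from caf's answer, as an added example (not code from the question or either answer): a request handler switches only the calling thread's filesystem IDs, confirms the switch took effect, attempts the operation instead of pre-checking with access(), and restores the IDs afterwards. The helper name open_as_user and the read-only open are assumptions chosen for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sys/fsuid.h>
#include <sys/types.h>
#include <unistd.h>

/* setfsuid()/setfsgid() return the previous ID and never report failure.
 * Passing -1 (never a valid ID) changes nothing and reads the current one. */
static uid_t cur_fsuid(void) { return (uid_t)setfsuid((uid_t)-1); }
static gid_t cur_fsgid(void) { return (gid_t)setfsgid((gid_t)-1); }

/* Hypothetical helper: open `path` read-only with the calling thread's
 * filesystem IDs set to uid/gid. Returns 0 or a negative errno value.
 * Supplementary groups are not changed by these calls. */
int open_as_user(uid_t uid, gid_t gid, const char *path)
{
    uid_t old_uid = cur_fsuid();
    gid_t old_gid = cur_fsgid();
    int result;

    setfsgid(gid);
    setfsuid(uid);
    if (cur_fsgid() != gid || cur_fsuid() != uid) {
        result = -EPERM;        /* switch was refused: do not touch the file */
    } else {
        /* No access() pre-check (it uses the real IDs): try the operation
         * and report the kernel's verdict. */
        int fd = open(path, O_RDONLY);
        result = fd < 0 ? -errno : 0;
        if (fd >= 0)
            close(fd);
    }

    /* Restore before this thread handles another user's request. */
    setfsuid(old_uid);
    setfsgid(old_gid);
    if (cur_fsuid() != old_uid || cur_fsgid() != old_gid)
        _exit(1);               /* fail closed rather than keep foreign IDs */
    return result;
}
```

Switching to another user's IDs needs CAP_SETUID and CAP_SETGID; without them the read-back check fails and the helper returns -EPERM without opening anything.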