Privilege dropping support in Upstart
Serge E. Hallyn
serge.hallyn at canonical.com
Wed Nov 9 19:25:53 UTC 2011
Quoting Evan Broder (evan at ebroder.net):
> The attached patchset (also available at
> http://code.launchpad.net/~broder/upstart/drop-privileges) adds new
> setuid and setgid stanzas to the config format, each of which accepts a
> user/group name (not UID/GID), respectively. (See also
> https://bugs.launchpad.net/upstart/+bug/586942)
>
> If the stanzas are set, Upstart drops privileges after handling the
> chroot and chdir stanzas and before resetting signal handlers. This
> means that the arguments to the stanzas are evaluated within the
> chroot where the job will run. They are also evaluated after dropping
> privilege for user jobs, and after setting rlimits.
>
> If the setuid stanza is set and the setgid stanza is unset, then the
> primary group of the user specified is used. If the setgid stanza is
> set and the setuid stanza is unset, the job runs with root's (or the
> unprivileged user's) UID and the specified group. If neither is
> specified, the job runs with root's user and group.
The setxid bits look sane to me.
-serge
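
The setuid/setgid fallback rules quoted above, as an added C example that is not taken from the Upstart patchset. `resolve_ids` and `drop_privileges` are hypothetical names, and clearing supplementary groups with `setgroups` is an assumption the message does not mention.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <sys/types.h>
#include <unistd.h>

/* Resolve the target IDs from the stanza values (NULL = stanza unset).
 * Call this after chroot()/chdir(), so the names are looked up in the
 * passwd/group databases inside the job's chroot.
 * Returns 0 on success, -1 if a name does not resolve. */
int resolve_ids(const char *user, const char *group, uid_t *uid, gid_t *gid)
{
    /* Neither stanza set: keep the current (root or user-job) IDs. */
    *uid = getuid();
    *gid = getgid();

    if (user != NULL) {
        struct passwd *pw = getpwnam(user);
        if (pw == NULL)
            return -1;
        *uid = pw->pw_uid;
        *gid = pw->pw_gid;      /* setuid only: user's primary group */
    }
    if (group != NULL) {
        struct group *gr = getgrnam(group);
        if (gr == NULL)
            return -1;
        *gid = gr->gr_gid;      /* setgid overrides the primary group */
    }
    return 0;
}

/* Apply the IDs: group first, because setgid() fails once root is gone. */
int drop_privileges(const char *user, const char *group)
{
    uid_t uid;
    gid_t gid;
    if (user == NULL && group == NULL)
        return 0;               /* nothing to drop */
    if (resolve_ids(user, group, &uid, &gid) != 0)
        return -1;
    /* Assumption, not stated in the message: clear root's supplementary groups. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the drop took effect before exec'ing the job. */
    return (getuid() == uid && getgid() == gid) ? 0 : -1;
}
```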