gorpong@uunet.uu.net (Gordon C. Galligher) (07/05/90)
I've been hacking on a limited shell type thingee (mentioned in my last letter which I still haven't gotten working) which needs to chroot() to a secure place on the system and then emulate a login type program, which entails setting the user-id/effective user-id and group-id/effective group-id. What would also be nice would be to set the entire groups, just like the setgroups(2) call on Berkeley and some System V machines. Any similar thing in Perl? I tried setting $( and $) to lists, but only the first entry is used. It seems rather inconsistent to have all of the groups with the $( but only the first one is settable. That would be fine IF there were a setgroups() call to emulate the rest. Once the chroot() is executed, then the setgroups() call should then query the /etc/group file (which is now the restricted /etc/group file) and set them up accordingly. Any thoughts? Any ideas on how to emulate this? Will setgroups() or something similar ever exist? Thank you for your time. -- Gordon. -- Gordon C. Galligher <|> ..!uunet!telxon!gorpong <|> telxon!gorpong@uunet.uu.net Telxon Corporation <|> "It seems to me, Golan, that the advance of civiliza- Akron, Ohio, 44313 <|> tion is nothing but an exercise in the limiting of (216) 867-3700 (3512)<|> privacy." - Janov Pelorat -- _Foundation's Edge_
lwall@jpl-devvax.JPL.NASA.GOV (Larry Wall) (07/06/90)
You can probably do setgroups if you have syscall. Something like:
do 'syscall.h' || die "Did you run makelib on syscall.h?\n";
$ngroups = @newgroups;
syscall(&SYS_setgroups, $ngroups, pack("i$ngroups", @newgroups));
Check the "i" format against your system--some systems may want "s" instead.
I think there are even some systems where the documentation lies.
Larry