login setuid root

Nick Stoughton nick at inset.UUCP
Thu Nov 28 05:42:39 AEST 1985


In article <380 at sol1.UUCP> john at sol1.UUCP (John Korsmeyer) writes:
>I would appreciate someone filling me in on the advantages/disadvantages
>of running login setuid to root. BTW our login forks, not execs the
>login shell. (for accounting purposes).

If login is not setuid root, then it will fail to setuid to the person
logging in, unless perchance it was root who called login. This means
that calling login when you ARE logged in (and I don't understand the
need to fork) will fail unless you are logging in as yourself, or you
were logged in as root. Also, login needs to write to protected files
(e.g. /etc/utmp).

NOTE forking will probably mean that /etc/utmp gets screwed up
("who am i" when you log out, and revert to the original user, will be
WRONG).
--------
Nick Stoughton
nick at inset.co.uk
nick at inset.UUCP
...!ukc!inset!nick



More information about the Comp.unix.wizards mailing list