RFD: uid of privileged user not fixed to 0

Darren Moffat Darren.Moffat at eng.sun.com
Thu Jul 12 04:35:18 EST 2001


I support the idea in general.

>I don't know if other systems are concerned as well but it's at least
>a problem for Cygwin that the uid of the privileged user is fixed to
>the constant 0 in the OpenSSH sources.

Other systems I can think of are systems that use fine grained privileges
rather than uid 0 to determine access - but those systems are likely to
have their own additional source modifications as well. (I'm thinking of
things like Trusted {Solaris, BSD}, DEC MLS).

>we could use something like
>
>	if (is_root(st.st_uid))

What about using suser() which is what is used in many kernels to
do the uid 0 check ?

suser() on Solaris only exists in kernel space (and is actualy a function
since it has auditing and accounting side effects) but the macro you would
use in userland is just as you described for is_root().

--
Darren J Moffat




More information about the openssh-unix-dev mailing list