Reputation: 102426
I have a server component that reads its configuration from a file. The configuration file is also read and written by an administration component. The components are separate programs, and they will be running under separate accounts. I want to change the ACL on the configuration file to:
application: read
administration: read and write
It's important to drop write from the application because the application opens a listening socket. That is, it's high risk and I want to contain it as much as possible.
After some searching, it looks like ioctl is used to do it in C. ioctl_list offers a list of control codes but it's not apparent to me how to add two users with different permissions on the configuration file. The man page online at die.net does not discuss the permissions in-depth or offer sample code. For example the word "perm" (root of "permission") only shows up once in the discussion.
On Windows, reducing permission to honor least privilege is drawn out but it's pretty straightforward (Richter gives good examples in his Advanced Windows programming series).
How does one change permissions on a Linux file using C APIs? What control codes are to be used?
Thanks in advance.
Upvotes: 1
Views: 1875
Reputation: 140846
This is not done with ioctl, but rather with dedicated system calls: chmod, chown, and chgrp for the basic user/group/other set of file permissions, and acl_* for full-fledged ACLs. You probably also want to know about the setuid, setgid, and setgroups system calls, which are how you drop privileges in a running application.
You can accomplish your goals using only the basic user/group/other permissions. Configure your system as follows:
nlserver ("nl" for "noloader").
nladmin.
-rw-r-----) and owned by user nladmin, group nlserver. (The code responsible for doing this should be in the administrative component, not the server itself.)
root (e.g. bind low-numbered ports), it uses setgroups, setgid, and setuid (IN THAT ORDER!) to change to user nlserver, group nlserver, and clear the supplementary groups list. Only after doing so does it open the configuration file.
Upvotes: 2
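The setup in the answer above, written out as an added C example (not part of the original answer): the administrative side sets owner, group and mode 0640 on the file, and the server drops root in the setgroups, setgid, setuid order before opening it read-only. The nl_* function names are hypothetical; the caller supplies the uid and gid of nladmin and nlserver.

```c
#define _DEFAULT_SOURCE            /* exposes setgroups() on glibc */
#include <fcntl.h>
#include <grp.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Administrative component (hypothetical helper): owner admin_uid gets rw,
 * group server_gid gets r, others get nothing (0640, "-rw-r-----").
 * fchown/fchmod act on the open descriptor, so both hit the same file. */
int nl_protect_config(const char *path, uid_t admin_uid, gid_t server_gid)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    int rc = (fchown(fd, admin_uid, server_gid) == 0 && fchmod(fd, 0640) == 0) ? 0 : -1;
    close(fd);
    return rc;
}

/* Server (hypothetical helper): call after the root-only work is done.
 * The order matters: after setuid() succeeds the process has lost the
 * privilege needed to change its group IDs. */
int nl_drop_privileges(uid_t uid, gid_t gid)
{
    if (setgroups(0, NULL) != 0)   /* clear the supplementary groups list */
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Confirm the drop cannot be undone: regaining root must fail. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Server (hypothetical helper): open the configuration read-only, only
 * after nl_drop_privileges() has returned 0. */
int nl_open_config(const char *path)
{
    return open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
}
```

Changing a file's group to one the caller does not belong to requires root (CAP_CHOWN), so the ownership step either runs as root or nladmin must be a member of group nlserver.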