[OpenAFS] How can I create a new PAG for a process whose euid doesn't equal its ruid under keyring settings?

shuaijie wang wangshuaijie@gmail.com
Mon, 2 Sep 2013 11:59:01 +0800



Hi all,

I have this requirement:

I have a daemon process whose ruid is a normal user and euid is root. It
does most of its work under the normal user, but occasionally it needs to
change its euid to root to do something, so we can't just change both
its ruid and euid to the normal user.  When I want to create a PAG for this
process, I make the process fork a child to exec aklog -setpag to do
this, but our Linux kernel is 2.6.34, which has the keyring feature enabled,
and we found that under this circumstance, the keyring created by this
process belongs to the ruid, not the euid, so the keyring created is root, and
the aklog forked by this daemon can't write into this keyring, thus causing
a PAG creation error.  I've tried many ways to change the permissions of
the keyring, but they didn't work.
So do we consider the set-u-id process when integrating the keyring feature
into aklog -setpag?
And in my case, I have a set-u-id process and the keyring feature enabled, and
I want to create a PAG for this daemon process; what can I do? Can I use
aklog -setpag, or is there something else workable?

Thanks.
