
Re: ITS#98 'user' patch for BSD systems



I would think it very wise to model our setuid/gid/chroot handling
after well established daemons.  As I noted before, bind seems to
have a clean implementation of this functionality that we could
utilize as our model.

I would hesitate before adding some of the 'generalizations'
discussed.  I think bind's handling of the special cases is
reasonable.

     -u user_name
                 Specifies the user the server should run as after it initial-
                 izes.  The value specified may be either a username or a nu-
                 meric user id.  If the ``-g'' flag is not specified, then the
                 group id used will be the primary group of the user specified
                 (initgroups() is called, so all of the user's groups will be
                 available to the server).

     -g group_name
                 Specifies the group the server should run as after it ini-
                 tializes.  The value specified may be either a groupname or a
                 numeric group id.


The only issue is if the user is specified by uid and no group is specified.
However, in this case, initgroups calls setgroups(0, groups).  This
clears the group vector for the process.  This seems reasonable to
me.

In particular, see:
  http://www.freebsd.org/cgi/cvsweb.cgi/src/contrib/bind/bin/named/ns_main.c?rev=1.1.1.2

I think we should also be able to apply the same logic to other
servers in the distribution.   Someone could write a lutil
routine to provide a consistent implementation.

Kurt
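
One way the shared routine suggested above could look, added here as an example and not taken from the original post, OpenLDAP or bind: it resolves `-u`/`-g` values that may be names or numeric ids, then drops privileges with `initgroups()` for a named user or an empty group vector for a bare uid. The names `run_as`, `resolve_run_as` and `drop_privileges` are hypothetical, and refusing a bare numeric uid that has neither a passwd entry nor a `-g` value is this example's own choice.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* glibc: expose initgroups()/setgroups() */
#endif
#include <sys/types.h>
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdlib.h>
#include <unistd.h>
/* Hypothetical result type; name stays NULL when the user was given as a uid. */
struct run_as { uid_t uid; gid_t gid; const char *name; };

/* Accept only an all-decimal string whose value is below (uid_t)-1. */
static int parse_id(const char *s, unsigned long *out) {
    char *end;
    if (s[0] < '0' || s[0] > '9') return -1;
    errno = 0;
    *out = strtoul(s, &end, 10);
    return (errno == 0 && *end == '\0' && *out < 0xffffffffUL) ? 0 : -1;
}

/* Resolve "-u user [-g group]" to ids; group may be NULL. Returns 0 or -1. */
int resolve_run_as(const char *user, const char *group, struct run_as *r) {
    unsigned long n;
    struct passwd *pw; struct group *gr;
    int numeric = (parse_id(user, &n) == 0);
    pw = numeric ? getpwuid((uid_t)n) : getpwnam(user);
    if (!numeric && pw == NULL) return -1;       /* unknown user name */
    r->uid = numeric ? (uid_t)n : pw->pw_uid;
    r->name = numeric ? NULL : pw->pw_name;      /* points into libc's static buffer */
    if (group == NULL) {                         /* no -g: use the primary group */
        if (pw == NULL) return -1;               /* bare uid with no passwd entry */
        r->gid = pw->pw_gid;
    } else if (parse_id(group, &n) == 0) {
        r->gid = (gid_t)n;
    } else {
        if ((gr = getgrnam(group)) == NULL) return -1;
        r->gid = gr->gr_gid;
    }
    return 0;
}

/* Call as root once privileged setup is done. Returns 0 or -1. */
int drop_privileges(const struct run_as *r) {
    if ((r->name ? initgroups(r->name, r->gid) : setgroups(0, NULL)) != 0) return -1;
    if (setgid(r->gid) != 0 || setuid(r->uid) != 0) return -1;  /* gid before uid */
    if (r->uid != 0 && setuid(0) == 0) return -1;  /* root must not be regainable */
    return 0;
}
```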