In some cases it is helpful to impersonate the user, at least as
far as
the permissions checking done by the BSD subsystem of the kernel. A
single-threaded daemon can do this using seteuid and setegid.
These set
the effective user and group ID of the process as a whole. This
will
cause problems if your daemon is using multiple threads to handle
requests from different users. In that case you can set the
effective
user and group ID of a thread using pthread_setugid_np. This was
introduced in Mac OS X 10.4.
However there is no other documentation, description, or man page
for these functions in Tiger or Leopard. Even google searches didn't
seem to help (mostly Linux forums complaining about bugs).
About the only thing I've found is in the darwin source, where
pthread_getguid_np() is implemented as
But I can't find any documentation or description for SYS_gettid or
SYS_settid either.
Playing around with it, I've discovered that you can't call
pthread_getugid_np until you've called pthread_setugid_np. And it
appears that pthread_setugid_np sets the uid and gid rather than the
euid and egid. This makes its functionality somewhat limited for me.
If the thread was running as root, once its uid is changed to a
regular user the thread doesn't have the permissions needed to
change it back again.
I'm primarily interested in finding out if there's a way to "unset"
the effect of pthread_setugid_np and restore the thread to the
original uid and euid of the process.
It's not a security mechanism-- a thread that had the privilege to set
credentials can always revert back to its original credentials by
calling:
