Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   44335 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

PRIV_EXECVE(3)			  Subroutines			PRIV_EXECVE(3)

NAME
       priv_execve  -  execute	program	 as a given user and in a given chroot
       jail

SYNOPSIS
       #include <privman.h>

       int priv_execve(const char *program, char * const argv[], const * const
       envp[], const char * userconst char *chroot);

DESCRIPTION
       priv_execve() executes the program pointed to by program.

       See execve(2) for more details about the program, argc, and envp param‐
       eters.

       As an important note, the execve will actually occur  in	 a  new	 slave
       process,	 so  changes made to the process context in the local process,
       like limits, will not affect it.	 The new program  will	not  have  any
       access  to  the	privilege  manager,  although  if the user provided to
       priv_execve is "root" that little detail won't be relevant.

       program must be in the name-space provided by chroot as the execve call
       is  made	 after	the  chroot  call.  chroot should be an absolute path.
       Setting up a proper chroot jail for the process to run is is  not  sim‐
       ple, as the process must also be able to link inside the jail.  If NULL
       is passed as chroot, the directory "/" will be used.

       user will be looked up via getpwent, and so should probably be  in  the
       password	 file.	 The  user is looked up before the chroot.  If NULL is
       passed as user, the user default unprivileged user (normally  "nobody")
       will be used.

FILES
       ${prefix}/etc/privman.d/ appname
	      The  application's  configuration file.  See privman_conf(5) for
	      more details.  To use priv_execve , the configuration file  will
	      have to set allow_rerun to a true value.

	      The  configuration  file will also need to list any target users
	      in run_as user statements.

BUGS
       Given the issues in verifying the arguments, then executing, race  con‐
       ditions	are  likely.   The  method should fail (causing the program to
       exit) if the environment changes unsuitably rather than give up	privi‐
       lege,  but  the	method	will  be unable to return an error code to the
       calling process.

TODO
       Remove this method.

AUTHOR
       Network Associates. Send email to <privman@nailabs.com>

SEE ALSO
       priv_bind(3)  priv_daemon(3)  priv_fopen(3)  priv_fork(3)  priv_init(3)
       privman_conf(5) priv_open(3) priv_pam(3) priv_rerunas(3) privman(7)

Unix				SEPTEMBER 2002			PRIV_EXECVE(3)

Vote for polarhome