#1 (permalink)
War Games coder
Join Date: Apr 2001
Location: Florida
Posts: 1,918
C++ in *nix
Well... I've finished writing a program for my Linux box that lets me configure my firewall over an encrypted session (requiring a password via .htaccess) on a web server. Made sure it worked with some test configuration files already, so this is the final step. It even will refuse to run if it detects that the server is unencrypted, or user authentication is not being used.
Now the problem is, I want to move on to let it use the actual files, which requires some permissions... and I don't want to give just anyone permission to modify those files. When I went through college, I remember there being a couple of commands that let a program run with root permissions (I may not need to go quite that far) - the purpose was to write directly to a memory-mapped device for that project, but I don't need to do that. I'd be satisfied with creating a special group and assigning only those files to that group with full access. Does anyone happen to know where to look for such information? I'd also be glad to share it with anyone interested - it's designed for use with shorewall.
EDIT: OK, what I remember from college was setuid(). I'm using setgid(). There's also a "getpwnam()" function which will let me select a user name and return a gid (or rather, a structure containing the corresponding gid). So I chose to run the program under gid "nobody." I did a chown nobody:nobody to the cgi script, and also did a "chmod 4555" (it's a compiled binary, so setgid should work). The files I want to change, I set their group to "nobody", chmodded them as "660", and ran the script. Now, however, it claims it can't read the files (permission problems). What am I doing wrong?
__________________
Primary CPU: Athlon 64 X2 4400+ Mobo: Biostar N4SLI-A9 RAM: 2G Crucial (DDR400) Video: eVGA GeForce 7900 GTX (512M) Audio: HDA X-Mystique HD(s): Maxtor 300G SATA2, Samsung 400G SATA2 OS(s): WinXP x64 Pro, Vista x32 Ultimate, Gentoo x64 Monitor(s): Primary - 19" Flat Panel (1280x1024) Secondary - 19" Flat Panel (1280x1024) Tertiary - Zenith 42" Plasma TV (1024x768 res) Many other machines... sig too short
Last edited by KillerShots; May 24th, 2004 at 15:06.
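
An added example, not part of the original post or of ShorewallConf: in an octal mode the setuid bit is 04000 and the setgid bit is 02000, so `chmod 4555` sets setuid only and the process keeps the web server's group. The check below flags binary and config-file mode/group combinations where the process would not get the config files' group, or where the setup is looser than a dedicated group needs. The function names, finding flags and gid 65534 (standing in for "nobody") are assumptions made for the illustration.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Findings, OR-ed together by audit_setgid_setup(). Names are hypothetical. */
enum {
    BIN_NO_SETGID     = 1 << 0, /* 02000 bit missing: egid stays the caller's */
    BIN_SETUID        = 1 << 1, /* 04000 bit set: euid becomes the file owner */
    BIN_GROUP_DIFFERS = 1 << 2, /* binary's group is not the config files' group */
    CFG_NO_GROUP_RW   = 1 << 3, /* config file lacks group read+write */
    CFG_WORLD_ACCESS  = 1 << 4, /* config file grants rights to "other" */
    BIN_WRITABLE      = 1 << 5  /* group/other could replace the privileged binary */
};

/* Pure check on mode and group values, so it can run on constructed input. */
unsigned audit_setgid_setup(mode_t bin_mode, gid_t bin_gid,
                            mode_t cfg_mode, gid_t cfg_gid)
{
    unsigned f = 0;
    if (!(bin_mode & S_ISGID)) f |= BIN_NO_SETGID;
    if (bin_mode & S_ISUID)    f |= BIN_SETUID;
    if (bin_gid != cfg_gid)    f |= BIN_GROUP_DIFFERS;
    if ((cfg_mode & (S_IRGRP | S_IWGRP)) != (S_IRGRP | S_IWGRP))
        f |= CFG_NO_GROUP_RW;
    if (cfg_mode & S_IRWXO)    f |= CFG_WORLD_ACCESS;
    if (bin_mode & (S_IWGRP | S_IWOTH)) f |= BIN_WRITABLE;
    return f;
}

/* Same check against files on disk; returns -1 if either stat() fails. */
int audit_paths(const char *bin_path, const char *cfg_path)
{
    struct stat b, c;
    if (stat(bin_path, &b) != 0 || stat(cfg_path, &c) != 0)
        return -1;
    return (int)audit_setgid_setup(b.st_mode, b.st_gid, c.st_mode, c.st_gid);
}

int main(void)
{
    /* Constructed values: gid 65534 stands in for the "nobody" group. */
    printf("mode 4555: findings 0x%x\n",
           audit_setgid_setup(04555, 65534, 0660, 65534));
    printf("mode 2555: findings 0x%x\n",
           audit_setgid_setup(02555, 65534, 0660, 65534));
    return 0;
}
```

A result of 0 means the binary is setgid to the same group that has read and write access to the config files, with no setuid bit and no access for other users.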
#2 (permalink)
War Games coder
Join Date: Apr 2001
Location: Florida
Posts: 1,918
Well, I've finished a working version of the project! I call it ShorewallConf (simple enough), you can check it out here under ShorewallConf. Supports all the basic necessities of the firewall, though some of the more advanced stuff is not implemented at all (you'll still have to edit those files manually). This program also knows how to stop, start, and restart the firewall if you ask it to do so (and gives feedback as to the progress/results of said operation). Enjoy!