utmps privilege

From: Eric <ericwq057_at_qq.com>
Date: Sat, 24 Jun 2023 17:26:22 +0800

in the document of "An overview of utmps", how to understand the statement: "The main advantage, on the other hand, is that no program needs to be suid or sgid, and permissions can actually be quite fine-grained."

Here is my observation: after use the following command to set my application to use the same group which utmps is running.&nbsp;
%&nbsp;adduser ide utmp

I still can't write to the utmp database. Here ide is my account name. The utmps service is running with the recommended openrc script.

------------------environment start
openrc-ssh:~/develop/aprilsh/cmd$ whoami
openrc-ssh:~/develop/aprilsh/cmd$ id
uid=1000(ide) gid=1000(develop) groups=406(utmp),1000(develop),1000(develop)

---------------environment end

the output of top command, show that utmps daemon is running as the utmp account.

-----------------------top start
Mem: 4952892K used, 1132768K free, 308464K shrd, 347760K buff, 3436632K cached
CPU:&nbsp; &nbsp;0% usr&nbsp; &nbsp;0% sys&nbsp; &nbsp;0% nic 100% idle&nbsp; &nbsp;0% io&nbsp; &nbsp;0% irq&nbsp; &nbsp;0% sirq
Load average: 0.00 0.00 0.01 2/649 9376
&nbsp; PID&nbsp; PPID USER&nbsp; &nbsp; &nbsp;STAT&nbsp; &nbsp;VSZ %VSZ CPU %CPU COMMAND
&nbsp; 286&nbsp; &nbsp;190 root&nbsp; &nbsp; &nbsp;S&nbsp; &nbsp; &nbsp;6824&nbsp; &nbsp;0%&nbsp; &nbsp;2&nbsp; &nbsp;0% sshd: root_at_pts/1
&nbsp; 293&nbsp; &nbsp;291 ide&nbsp; &nbsp; &nbsp; S&nbsp; &nbsp; &nbsp;6748&nbsp; &nbsp;0%&nbsp; &nbsp;0&nbsp; &nbsp;0% sshd: ide_at_pts/2
&nbsp; 291&nbsp; &nbsp;190 root&nbsp; &nbsp; &nbsp;S&nbsp; &nbsp; &nbsp;6504&nbsp; &nbsp;0%&nbsp; &nbsp;5&nbsp; &nbsp;0% sshd: ide [priv]
&nbsp; 190&nbsp; &nbsp; &nbsp;1 root&nbsp; &nbsp; &nbsp;S&nbsp; &nbsp; &nbsp;6492&nbsp; &nbsp;0%&nbsp; &nbsp;2&nbsp; &nbsp;0% sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups
&nbsp; 296&nbsp; &nbsp;293 ide&nbsp; &nbsp; &nbsp; S&nbsp; &nbsp; &nbsp;1728&nbsp; &nbsp;0%&nbsp; &nbsp;3&nbsp; &nbsp;0% -ash
&nbsp; 288&nbsp; &nbsp;286 root&nbsp; &nbsp; &nbsp;S&nbsp; &nbsp; &nbsp;1724&nbsp; &nbsp;0%&nbsp; &nbsp;0&nbsp; &nbsp;0% -ash
&nbsp;9376&nbsp; &nbsp;296 ide&nbsp; &nbsp; &nbsp; R&nbsp; &nbsp; &nbsp;1624&nbsp; &nbsp;0%&nbsp; &nbsp;4&nbsp; &nbsp;0% top
&nbsp; &nbsp; 1&nbsp; &nbsp; &nbsp;0 root&nbsp; &nbsp; &nbsp;S&nbsp; &nbsp; &nbsp;1612&nbsp; &nbsp;0%&nbsp; &nbsp;4&nbsp; &nbsp;0% /sbin/init
&nbsp; 217&nbsp; &nbsp; &nbsp;1 utmp&nbsp; &nbsp; &nbsp;S&nbsp; &nbsp; &nbsp;1040&nbsp; &nbsp;0%&nbsp; &nbsp;0&nbsp; &nbsp;0% s6-ipcserverd -- utmps-utmpd
&nbsp; 154&nbsp; &nbsp; &nbsp;1 utmp&nbsp; &nbsp; &nbsp;S&nbsp; &nbsp; &nbsp;1040&nbsp; &nbsp;0%&nbsp; &nbsp;5&nbsp; &nbsp;0% s6-ipcserverd -- utmps-wtmpd btmp
&nbsp; 245&nbsp; &nbsp; &nbsp;1 utmp&nbsp; &nbsp; &nbsp;S&nbsp; &nbsp; &nbsp;1040&nbsp; &nbsp;0%&nbsp; &nbsp;0&nbsp; &nbsp;0% s6-ipcserverd -- utmps-wtmpd wtmp

-----------------------top end
Received on Sat Jun 24 2023 - 11:26:22 CEST

This archive was generated by hypermail 2.4.0 : Sat Jun 24 2023 - 11:27:03 CEST