In the document "An overview of utmps", how should I understand the statement: "The main advantage, on the other hand, is that no program needs to be suid or sgid, and permissions can actually be quite fine-grained."
Here is my observation: after using the following command to set my application to use the same group that utmps is running as,
% adduser ide utmp
I still can't write to the utmp database. Here ide is my account name. The utmps service is running with the recommended openrc script.
------------------environment start
openrc-ssh:~/develop/aprilsh/cmd$ whoami
ide
openrc-ssh:~/develop/aprilsh/cmd$ id
uid=1000(ide) gid=1000(develop) groups=406(utmp),1000(develop),1000(develop)
---------------environment end
The output of the top command shows that the utmps daemon is running as the utmp account.
-----------------------top start
Mem: 4952892K used, 1132768K free, 308464K shrd, 347760K buff, 3436632K cached
CPU: 0% usr 0% sys 0% nic 100% idle 0% io 0% irq 0% sirq
Load average: 0.00 0.00 0.01 2/649 9376
PID PPID USER STAT VSZ %VSZ CPU %CPU COMMAND
286 190 root S 6824 0% 2 0% sshd: root@pts/1
293 291 ide S 6748 0% 0 0% sshd: ide@pts/2
291 190 root S 6504 0% 5 0% sshd: ide [priv]
190 1 root S 6492 0% 2 0% sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups
296 293 ide S 1728 0% 3 0% -ash
288 286 root S 1724 0% 0 0% -ash
9376 296 ide R 1624 0% 4 0% top
1 0 root S 1612 0% 4 0% /sbin/init
217 1 utmp S 1040 0% 0 0% s6-ipcserverd -- utmps-utmpd
154 1 utmp S 1040 0% 5 0% s6-ipcserverd -- utmps-wtmpd btmp
245 1 utmp S 1040 0% 0 0% s6-ipcserverd -- utmps-wtmpd wtmp
-----------------------top end
Received on Sat Jun 24 2023 - 11:26:22 CEST