Question

I have a server component that reads its configuration from a file. The configuration file is also read and written by an administration component. The components are separate programs, and they will be running under separate accounts. I want to change the ACL on the configuration file to:

application: read
administration: read and write

It's important to drop write from the application because the application opens a listening socket. That is, it's high risk and I want to contain it as much as possible.

After some searching, it looks like ioctl is used to do it in C. ioctl_list offers a list of control codes, but it's not apparent to me how to add two users with different permissions on the configuration file. The man page online at die.net does not discuss the permissions in depth or offer sample code. For example, the word "perm" (root of "permission") only shows up once in the discussion.

On Windows, reducing permission to honor least privilege is drawn out, but it's pretty straightforward (Richter gives good examples in his Advanced Windows programming series).

How does one change permissions on a Linux file using C APIs? What control codes are to be used?

Thanks in advance.


Solution

This is not done with ioctl, but rather with dedicated system calls: chmod, chown, and chgrp for the basic user/group/other set of file permissions, and acl_* for full-fledged ACLs. You probably also want to know about the setuid, setgid, and setgroups system calls, which are how you drop privileges in a running application.

You can accomplish your goals using only the basic user/group/other permissions. Configure your system as follows:

  • The server application has a dedicated user ID and group; let's say they are both named nlserver ("nl" for "noloader").
  • The administrative component also has a dedicated user ID and group, let's say nladmin.
  • The configuration file is set to be mode 0640 (aka -rw-r-----) and owned by user nladmin, group nlserver. (The code responsible for doing this should be in the administrative component, not the server itself.)
  • When the server starts up, after doing everything it needs to do as root (e.g. bind low-numbered ports), it uses setgroups, setgid, and setuid (IN THAT ORDER!) to change to user nlserver, group nlserver, and clear the supplementary groups list. Only after doing so does it open the configuration file.
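The sequence the answer prescribes, as an added example (not code from the question or the answer): do the privileged work, then setgroups, setgid and setuid in that order, verify the drop stuck, and only then open the configuration file, refusing it if its mode is looser than the 0640 the answer specifies. The account name nlserver is taken from the answer; the path /etc/nlserver.conf is an assumption.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Drop root in the answer's order: supplementary groups, gid, then uid.
 * Returns 0 on success, -1 on failure or if the drop did not stick. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Only a privileged process may alter its supplementary group list. */
    if (geteuid() == 0 && setgroups(0, NULL) == -1) return -1;
    if (setgid(gid) == -1) return -1;   /* while still root */
    if (setuid(uid) == -1) return -1;   /* last: no way back afterwards */
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    if (uid != 0 && setuid(0) != -1) return -1; /* regaining root must fail now */
    return 0;
}

/* Open the config read-only and reject anything but a regular file whose
 * mode is at most 0640 (no group write bit, nothing for "other"). */
int open_config_readonly(const char *path)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd == -1) return -1;
    struct stat st;
    if (fstat(fd, &st) == -1 || !S_ISREG(st.st_mode) ||
        (st.st_mode & (S_IWGRP | S_IRWXO)) != 0) {
        close(fd); errno = EACCES; return -1;
    }
    return fd;
}

int main(void)
{
    /* ... bind the low-numbered listening socket here, while still root ... */
    struct passwd *pw = getpwnam("nlserver");            /* account from the answer */
    if (pw == NULL || drop_privileges(pw->pw_uid, pw->pw_gid) == -1) {
        perror("drop_privileges"); return 1; }
    int fd = open_config_readonly("/etc/nlserver.conf"); /* assumed path */
    if (fd == -1) { perror("open_config_readonly"); return 1; }
    close(fd);
    return 0;
}
```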
Licensed under: CC-BY-SA with attribution