set user id for service ?

Havoc Pennington hp at
Thu Sep 14 18:29:18 PDT 2006

Matthew Johnson wrote:
> On Thu, 14 Sep 2006, Thiago Macieira wrote:
>> frederic heem wrote:
>>> Unfortunately, making the program setuid is considered insecure.
>>> Another solution is to use sudo to restrict who can start the service,
>>> i.e the messagebus
>> Put the setuid-user program or wrapper in an 0500 messagebus-owned
>> directory.
> It's still not very elegant.

Not clear to me that having a random custom bus running as root that 
starts services using a mechanism designed for desktop user sessions is 
particularly elegant either ;-) in fact I have no real idea why this 
would be a sensible way to implement anything, though I'm willing to 
admit it might be, someone would have to step back and explain the whole 
problem and possible alternatives and what the dbus feature would be 
like, how it would work, how it's more secure than existing approaches, etc.


More information about the dbus mailing list