Change owner of a currently running process

Asked 23/5, 2016 at 22:49 Answered 15/6, 2023 at 5:7

I have a process that is currently running with pid, $PID, and owned by the user foo which is not root. I want to transfer the ownership of this process to another user bar which is also not root.

Is there a shell command that changes the owner of a process? I'm thinking of a chown but for processes that looks something like.

chownproc [option] PID

This question and this question are similar, but not quite what I'm looking for and chown man pages doesn't say anything about processes, only files.

If there isn't, is there a reason why this hasn't been done or isn't possible?

Atchison answered 23/5, 2016 at 22:49 Comment(2)

I've never heard of such mechanism. The security implications are dramatic — the process opened the files and other resources using ID foo; should any of those be allowed to ID bar? This is probably one of the main reasons why it is not done. – Zygophyte 23/5, 2016 at 22:57

No user-level programs can do that. You need to write a kernel module to do that. e.g., github.com/xuancong84/supgroup – Varien 15/6, 2023 at 4:34

You cannot do that, there's no such syscall. However, depending on how you want to affect the process, you could try some hack if the process is not critical to your system.

(gdb) attach process_id
(gdb) call putenv ("UID=1234")
(gdb) call putenv ("EUID=1234")
(gdb) call putenv ("GID=1234")
(gdb) detach

Note that this WILL NOT WORK:

(gdb) call setuid(1234)

This does not really answer to your question (change the owner of a running process), but considering that you may want to change the owner to affect something about the process, maybe this hack help.

Remember that it's very likely that this breaks your process.

(based on this: Is there a way to change another process's environment variables?)

Ex answered 24/6, 2016 at 11:29 Comment(0)

Now, it is possible to do this at the kernel level.

This is actually a design flaw of the Linux kernel, that credential changes occur only on disks but not in memory. To put it specifically, when credentials (UID, GID, or supplementary group list) are changed, all existing processes will continue to use their previous credentials and enjoy access to previously granted data. And there is not a single API function to propagate credential change throughout the system (i.e., all processes). As a result of this defect, no user-level programs can do what you want. You have to end your current process and create a new process.

Nevertheless, at kernel level, it is possible to do this. I have just tried to make one and it works on simple programs. (https://github.com/xuancong84/supgroup)

However, in general it is not a good idea to do so because in general a program can have lots of external interactions, e.g., opened file handles, child processes/threads running on other CPU cores, bound pipes, opened devices, etc. Thus, changing the UID/GID while running can lead to many undefined behavior among which some can cause error (e.g., broken pipe, aborted I/O communication), some can turn out hazardous (e.g., system crash). I have tested that this program works on simple programs (such as nc -l 8080), but on a much bigger complex program running many threads on many CPU cores and GPU CUDA cores, having heavy network activity and disk I/O activity, I am not sure what will happen.

Varien answered 15/6, 2023 at 5:7 Comment(0)

Recommended topics

Hot tags