Change shared memory ownership and permission

We know that we can use ipcs to view shared memory segment information,we can use ipcrm to delete a segment.
But wait. Assume that you first run a program as root user,  which creates a shared memory segment of 40GB size. Then you realize that for security resaon, we should use as less privilege as possible, so you decide to run it as the nobody user. However, because the segment was created with perm 0600, the nobody user can’t access it. You definitely don’t want to dump the whole memory and recreate a new segment and recover.  It would be nice if we can simply change the ownership and permission of the  segment.
So I created the tool called chshm for this purpose,


Usage: ./chshm [Options] shmid ...
Options:
    -u|--user        change owner to 
    -g|--group      change group to 
    -m|--mode             change mode to  in octal

eg:
    ./chshm -u nobody -m 0660 65535 
    This will change shm id 65535's owner to nobody, mode to 0660

Comments

Post a Comment

Popular posts from this blog

Using a Linux server to route packets between two private networks

Image
Reference: http://www.tecmint.com/setup-linux-as-router/ We want to route icmp (ping) packets from dev2 to dev4 and the other way around as well (note that both client machines are on different networks). The name of each NIC, along with its corresponding IPv4 address, is given inside square brackets. Our test environment is as follows: Client 1 : CentOS 7 [enp0s3: 192.168.0.17/24] - dev1 Router : Debian Wheezy 7.7 [eth0: 192.168.0.15/24, eth1: 10.0.0.15/24] - dev2 Client 2 : openSUSE 13.2 [enp0s3: 10.0.0.18/24] - dev4 Let’s view the routing table in dev1 (CentOS box): # ip route show and then modify it in order to use its enp0s3 NIC and the connection to 192.168.0.15 to access hosts in the 10.0.0.0/24 network: # ip route add 10.0.0.0/24 via 192.168.0.15 dev enp0s3 Which essentially reads, “Add a route to the 10.0.0.0/24 network through the enp0s3 network interface using 192.168.0.15 as gateway”. Route Network in Linux Likewise in dev4 (openSUSE box) to ping h
Read more

PHP Fatal error: Class 'JFactory' not found

I have faced this issue in Joomla site and searched the forums but none of the forums including joomla did not give solution for me. They simply suggest to check joomla version, php version compatibility and php extensions. Finally I have fixed the issue. Issue:- ---------  [26-Sep-2014 18:11:29 Europe/Berlin] PHP Fatal error: Class 'JFactory' not found in /home/test/public_html/index.php on line 31 Cause & Solution:- ----------------------- In my case, it seems file which gives the class JFactory was missed. /home/test/public_html/libraries/joomla/factory.php --->Core file for Joomla. Simply restore that file under proper path to fix the issue.
Read more

KVM & Qemu

QEMU is a powerful emulator, which means that it can emulate a variety of processor types. Xen uses QEMU for HVM guests, more specifically for the HVM guest's device model. The Xen-specific QEMU is called qemu-dm (short for QEMU device model) QEMU uses emulation; KVM uses processor extensions (intel-VT) for virtualization. Both Xen and KVM merge their various functionality to upstream QEMU, that way upstream QEMU can be used directly to accomplish Xen device model emulation, etc. Xen is unique in that it has paravirtualized guests that don't require hardware virtualization. Both Xen and KVM have paravirtualized device drivers that can run on top of the HVM guests. The QEMU hypervisor is very similar to the KVM hypervisor. Both are controlled through libvirt, both support the same feature set, and all virtual machine images that are compatible with KVM are also compatible with QEMU. The main difference is that QEMU does not support native virtualization. Consequently, QEMU has
Read more