Change shared memory ownership and permission

We know that we can use ipcs to view shared memory segment information,we can use ipcrm to delete a segment.
But wait. Assume that you first run a program as root user,  which creates a shared memory segment of 40GB size. Then you realize that for security resaon, we should use as less privilege as possible, so you decide to run it as the nobody user. However, because the segment was created with perm 0600, the nobody user can’t access it. You definitely don’t want to dump the whole memory and recreate a new segment and recover.  It would be nice if we can simply change the ownership and permission of the  segment.
So I created the tool called chshm for this purpose,


Usage: ./chshm [Options] shmid ...
Options:
    -u|--user        change owner to 
    -g|--group      change group to 
    -m|--mode             change mode to  in octal

eg:
    ./chshm -u nobody -m 0660 65535 
    This will change shm id 65535's owner to nobody, mode to 0660

Comments

Post a Comment

Popular posts from this blog

KVM & Qemu

QEMU is a powerful emulator, which means that it can emulate a variety of processor types. Xen uses QEMU for HVM guests, more specifically for the HVM guest's device model. The Xen-specific QEMU is called qemu-dm (short for QEMU device model) QEMU uses emulation; KVM uses processor extensions (intel-VT) for virtualization. Both Xen and KVM merge their various functionality to upstream QEMU, that way upstream QEMU can be used directly to accomplish Xen device model emulation, etc. Xen is unique in that it has paravirtualized guests that don't require hardware virtualization. Both Xen and KVM have paravirtualized device drivers that can run on top of the HVM guests. The QEMU hypervisor is very similar to the KVM hypervisor. Both are controlled through libvirt, both support the same feature set, and all virtual machine images that are compatible with KVM are also compatible with QEMU. The main difference is that QEMU does not support native virtualization. Consequently, QEMU has ...
Read more

PHP Fatal error: Class 'JFactory' not found

I have faced this issue in Joomla site and searched the forums but none of the forums including joomla did not give solution for me. They simply suggest to check joomla version, php version compatibility and php extensions. Finally I have fixed the issue. Issue:- ---------  [26-Sep-2014 18:11:29 Europe/Berlin] PHP Fatal error: Class 'JFactory' not found in /home/test/public_html/index.php on line 31 Cause & Solution:- ----------------------- In my case, it seems file which gives the class JFactory was missed. /home/test/public_html/libraries/joomla/factory.php --->Core file for Joomla. Simply restore that file under proper path to fix the issue.
Read more

docker.errors.APIError: 400 Client Error client is newer than server

You can face this issue when you are trying to use docker python library. Error: docker.errors.APIError: 400 Client Error: Bad Request for url: http+docker://localunixsocket/v1.26/images/json?only_ids=0&all=0 ("client is newer than server (client API version: 1.26, server API version: 1.24)") Solution: client= docker.from_env(version='auto') Use parameter "version" when instantiating a client.
Read more