Unix to Windows Porting Dictionary for HPC |
|
|
RSS
LinksFunction List
|
Table of Contents The purpose of the setgid() and setegid() functions is to set the real and effective group ID of the current process on a Unix or Unix-like system. On Unix systems some of the security checks are done as a comparison to the real and/or effective group ID of a process. These security checks may allow access to certain resources and/or privileges. When the security check is not validated then the process will be denied certain actions. On Windows systems the security paradigm is constructed differently and there is not the specific notion of a real and/or effective group ID. While the Windows security model using Access Control Lists (ACL's) can determine whether access should be allowed or denied (explicitly or implicitly), no specific group that a user belongs to is principle as it is on Unix. Thus, on Windows systems, security checks usually check all groups a user belongs to rather than just a real/effective group ID. Therefore on Windows systems the correct action is to guard-out these two functions if the program is setting the real or effective group for the process where the group is in the the group list. However, if the setting is to a group that is not in the group list then you may want add Windows source code to have the process or thread impersonate another user. For more information about impersonation please refer to the setuid() function entry with the dictionary.
#ifdef UNIX_SYSTEM
gid_t groupval;
ret = setgid(groupval);
ret = setegid(groupval);
#endif
|
|
|
|