To summarize what this module covered, the key ideas are these. First, know which UID and group ID your program is using. Second, minimize the privileges that your program gets. Usually this means picking a UID or a GID with sufficient privileges for the program to complete its task, but no more than that. On systems that support it, you can use the saved UID, as we talked about earlier, to enforce this. The third key point concerns children: when your child process starts up after a fork, you should immediately reset the UID and the GID to the real ones. In other words, drop all privileges unless there's a very good reason not to. Also, a word of caution, because this trips up a lot of people: if you're running as root and you want to drop privileges, do not drop the user privileges first. Drop the group privileges first. The reason is that, on many systems, a user cannot change groups. If you drop the group privileges first, that works, since the superuser can do anything; then you change the user and you're off and running.
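The child-side drop described above, written out as an added C example (not code from the course): the child resets the group IDs first and the user IDs second, then checks that the old effective IDs cannot be restored. The names `drop_to_real_ids`, `ids_are_real` and `run_child_unprivileged` are chosen for this illustration, and the use of `setregid`/`setreuid` to reset the saved IDs as well assumes Linux semantics.

```c
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently drop to the real UID/GID; 0 on success, -1 on failure. */
int drop_to_real_ids(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    /* Group first: on many systems a non-root user cannot change groups,
     * so this has to happen while the process is still privileged. */
    if (setregid(rgid, rgid) != 0)
        return -1;
    if (setreuid(ruid, ruid) != 0)      /* user last */
        return -1;

    /* Verify: IDs are the real ones and the old ones cannot be restored. */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    if (old_euid != ruid && seteuid(old_euid) == 0)
        return -1;
    if (ruid != 0 && old_egid != rgid && setegid(old_egid) == 0)
        return -1;
    return 0;
}

/* Sample task (constructed): 0 if the child really runs with its real IDs. */
int ids_are_real(void) { return !(geteuid() == getuid() && getegid() == getgid()); }

/* Fork; the child drops privileges before doing anything else.
 * Returns the child's exit status, or -1 if fork/wait failed. */
int run_child_unprivileged(int (*task)(void))
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_to_real_ids() != 0)
            _exit(111);                 /* never continue still privileged */
        _exit(task() & 0xff);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void) { return run_child_unprivileged(ids_are_real); }
```

A root daemon that switches to a different account, rather than back to its real IDs, would also reset its supplementary groups with `setgroups()` before the group-ID step.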