All Progress executable must be owned by root, and most of them require permissions to be set to 4775, which means that the SETUID bit is switched on.
The SETUID bit is necessary on Progress executables for the following reasons:
So Progress can override the ulimit setting for maximum file size. Progress raises the limit to ensure that the database files can grow to the 2 GB size limit.
The broker and other processes must send signals to all processes that are connected to the database, regardless of which user the processes belong to.
Permission settings on the database files can be set such that a normal user cannot access them.
When a self-service client is started, Progress must be able to open the database even though the particular user account might not allow it. After the self-service client has initialized itself and opened any databases specified on the command line, Progress changes the UID to the user UID.
Self-service clients lower their UID after initialization and before any 4GL code is executed. Servers, brokers, and utilities do not lower the UID.
Note:
In OpenEdge, if the ABL local clients (CHUI, AppServer or WebSpeed agents) users initiate their sessions as root, once the initialization process is complete, the client executable automatically drops the security level to that of the user. |
