How to check if a UID exists in an ACL in Linux?


Question


I need to write a program, part of which involves checking if the userid of the person executing the program exists in the ACL file of a file which the program uses. That is, this program writes into the file and only users whose ID and privileges are entered in the ACL are allowed to do so. How can the program check this? I know that I need to use the getresid function to get the RUID of the executing process, but how do I check this value against all the values stored in the ACL? Please help me!

Recommended answer


If I misunderstood the question I apologize, but hopefully you will find this helpful:


Excerpt from some acl documentation:


The following functions retrieve and manipulate ACL entries:

acl_copy_entry()
acl_create_entry()
acl_delete_entry()
acl_first_entry()
acl_get_entry()


The following functions retrieve and manipulate fields in an ACL entry:

acl_add_perm() 
acl_clear_perm()
acl_delete_perm()
acl_get_permset() 
acl_get_qualifier() 
acl_get_tag_type() 
acl_set_permset() 
acl_set_qualifier() 
acl_set_tag_type()

...


ACL Entries


An ACL entry consists of the following fields:


Tag type (defined in the acl.h header file):


ACL_USER_OBJ - The owning user entry.


ACL_GROUP_OBJ - The owning group entry.


ACL_USER - An entry for other users.


ACL_GROUP - An entry for other groups.


ACL_OTHER_OBJ - The entry for all users and groups that are not included in another entry.


Tag qualifier - The qualifier value for an ACL_USER entry is a user ID.


The qualifier value for an ACL_GROUP entry is a group ID. The qualifier value for any of the *_OBJ entries is NULL.

From acl_update.c:

#include <sys/types.h>
#include <sys/acl.h>
#include <stdio.h>
#include <stdlib.h>

/* errExit() comes from the book's own header (not shown here); this is a
   minimal stand-in so the function compiles on its own. */
#define errExit(msg) do { perror(msg); exit(EXIT_FAILURE); } while (0)

/* Find the ACL entry in 'acl' corresponding to the tag type and
   qualifier in 'tag' and 'qual'. Return the matching entry, or NULL
   if no entry was found. For ACL_USER / ACL_GROUP entries the qualifier
   (a uid or gid) must match; for the *_OBJ, mask and other entries the
   tag alone identifies the entry. */

static acl_entry_t
findEntry(acl_t acl, acl_tag_t tag, id_t qual)
{
    acl_entry_t entry;
    acl_tag_t entryTag;
    uid_t *uidp;
    gid_t *gidp;
    int ent, s;

    /* acl_get_entry() returns 1 while entries remain, 0 at the end, -1 on error */
    for (ent = ACL_FIRST_ENTRY; ; ent = ACL_NEXT_ENTRY) {
        s = acl_get_entry(acl, ent, &entry);
        if (s == -1)
            errExit("acl_get_entry");

        if (s == 0)
            return NULL;

        if (acl_get_tag_type(entry, &entryTag) == -1)
            errExit("acl_get_tag_type");

        if (tag == entryTag) {
            if (tag == ACL_USER) {
                /* the qualifier is heap-allocated and must be released with acl_free() */
                uidp = acl_get_qualifier(entry);
                if (uidp == NULL)
                    errExit("acl_get_qualifier");

                if (qual == *uidp) {
                    if (acl_free(uidp) == -1)
                        errExit("acl_free");
                    return entry;
                } else {
                    if (acl_free(uidp) == -1)
                        errExit("acl_free");
                }

            } else if (tag == ACL_GROUP) {
                gidp = acl_get_qualifier(entry);
                if (gidp == NULL)
                    errExit("acl_get_qualifier");

                if (qual == *gidp) {
                    if (acl_free(gidp) == -1)
                        errExit("acl_free");
                    return entry;
                } else {
                    if (acl_free(gidp) == -1)
                        errExit("acl_free");
                }

            } else {
                /* ACL_USER_OBJ, ACL_GROUP_OBJ, ACL_MASK, ACL_OTHER: no qualifier to compare */
                return entry;
            }
        }
    }
}


I don't think you need to check the ACL of a specific file, but if I am wrong, here is some info to do so:

$ getfacl myFile 
# file: myFile
# owner: jon
# group: people
user::rwx
user:foo:rwx
group::rwx
mask::rwx
other::--- 


then to get a uid from the name (untested but should be close):

$ grep "^$(getfacl myFile | grep owner | cut -d: -f2 | tr -d ' '):" /etc/passwd | cut -d: -f3

More resources:

acl / facl examples and reference
man acl

POSIX Access Control Lists

statacl
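An added example, not from the answer above or from libacl, that walks the same entry model in Python over getfacl's text form: it parses the output into tag/qualifier/permission entries, looks up a named-user entry the way findEntry() does, and then computes a caller's effective permissions, which is where the mask entry matters. SAMPLE_GETFACL (the answer's listing with the mask tightened to r-x) and the USERS/GROUPS tables are constructed; on a real host the text comes from `getfacl <file>` and the ids from pwd/grp.

```python
# Constructed sample: the answer's getfacl output with a tighter mask (mask::r-x).
SAMPLE_GETFACL = """\
# file: myFile
# owner: jon
# group: people
user::rwx
user:foo:rwx
group::rwx
mask::r-x
other::---
"""
# Constructed name -> id tables (assumption); use pwd.getpwnam/grp.getgrnam on a real host.
USERS, GROUPS = {"jon": 1000, "foo": 1001}, {"people": 100}

def parse_getfacl(text, users=USERS, groups=GROUPS):
    """Parse getfacl text into (owner_uid, owner_gid, entries); each entry is
    (tag, qualifier, perms), the model libacl exposes through acl_get_tag_type()
    and acl_get_qualifier(). Trailing '#effective:' notes are ignored."""
    owner, group, entries = None, None, []
    for raw in text.splitlines():
        if raw.startswith("# owner:"):
            owner = users[raw.split(":", 1)[1].strip()]
        elif raw.startswith("# group:"):
            group = groups[raw.split(":", 1)[1].strip()]
        elif raw and not raw.startswith("#"):
            kind, qual, perms = raw.split("#", 1)[0].strip().split(":")
            ident = (users if kind == "user" else groups)[qual] if qual else None
            tag = "ACL_" + kind.upper() + ("_OBJ" if kind in ("user", "group") and not qual else "")
            entries.append((tag, ident, set(perms) - {"-"}))
    return owner, group, entries

def find_user_entry(entries, uid):
    """The answer's findEntry() for ACL_USER: the named-user entry with qualifier
    uid, or None. The owner is an ACL_USER_OBJ entry and is not matched here."""
    return next((e for e in entries if e[0] == "ACL_USER" and e[1] == uid), None)

def effective_perms(acl, uid, gids):
    """POSIX ACL access check for (uid, gids): owner, then named user, then
    matching group entries, else other; ACL_MASK caps all but the owner."""
    owner, group, entries = acl
    perms_of = lambda t: [p for tag, _, p in entries if tag == t]
    mask = (perms_of("ACL_MASK") or [set("rwx")])[0]
    if uid == owner:
        return perms_of("ACL_USER_OBJ")[0]
    user = find_user_entry(entries, uid)
    if user is not None:
        return user[2] & mask
    hits = [p for tag, ident, p in entries
            if (tag == "ACL_GROUP_OBJ" and group in gids) or (tag == "ACL_GROUP" and ident in gids)]
    return set().union(*hits) & mask if hits else perms_of("ACL_OTHER")[0]
```

With the sample, user foo has a named entry granting rwx but only gets r-x once the mask is applied, so "the UID is in the ACL" and "the UID may write" are different questions.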
