删除root权限 [英] Dropping root privileges

问题描述

我有被root启动（所以它可以绑定到低端口）的守护程序。初始化之后我非常想拥有它放弃root特权出于安全原因。

I have a daemon which gets started as root (so it can bind to low ports). After initialisation I'd very much like to have it drop root privileges for safety reasons.

任何人都可以点我在的的已知的正确的用C片code的，将做到这一点？

Can anyone point me at a known correct piece of code in C which will do this?

我读过的手册页，我看在不同的应用中这种不同的实现，和他们都不同，其中有些是非常复杂的。这是与安全相关的code，我真的不想重塑同样的错误，其他人正在。我正在寻找的是一个最佳实践，已知良好的，可移植的库函数，我可以的，因为它会得到正确的认识使用。难道这样的事情存在？

I've read the man pages, I've looked at various implementations of this in different applications, and they're all different, and some of them are really complex. This is security-related code, and I really don't want to reinvent the same mistakes that other people are making. What I'm looking for is a best practice, known good, portable library function that I can use in the knowledge that it's going to get it right. Does such a thing exist?

有关参考：我开始为根;我需要改变，以根据不同的UID和GID运行;我需要设置正确的补充群体;我不需要回之后更改为root权限。

For reference: I'm starting as root; I need to change to run under a different uid and gid; I need to have the supplementary groups set up correctly; I don't need to change back to root privileges afterwards.

推荐答案

您正在寻找的这篇文章：

You're looking for this article:

<一个href=\"https://www.securecoding.cert.org/confluence/display/c/POS36-C.+Observe+correct+revocation+order+while+relinquishing+privileges\"相对=nofollow> POS36-C。注意正确的撤销令而放弃特权

不知道如何以最佳方式把一些信息不存在重复的页面内容...

Not sure how to best put some information there without duplicating the content of that page ...

这篇关于删除root权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！