setuid的相当于非root用户 [英] setuid equivalent for non-root users
问题描述
的Linux是否也有类似的一些C接口的setuid ,它允许一个程序来切换到一个不同的用户使用例如用户名/密码?与的setuid 的问题是,它只能是由超级用户使用。
Does Linux have some C interface similar to setuid, which allows a program to switch to a different user using e.g. the username/password? The problem with setuid is that it can only be used by superusers.
我运行需要作为登录的用户执行的作业一个简单的Web服务。所以,主进程以root身份运行,并在它叉和调用的的setuid 来切换到适当的UID。不过,我不与主PROC以root身份运行相当舒适。我宁愿把它作为运行其他用户,并有一定的机制来切换到类似于苏(但不启动新的进程)。
I am running a simple web service which requires jobs to be executed as the logged in user. So the main process runs as root, and after the user logs in it forks and calls setuid to switch to the appropriate uid. However, I am not quite comfortable with the main proc running as root. I would rather have it run as another user, and have some mechanism to switch to another user similar to su (but without starting a new process).
推荐答案
没有,有没有办法只使用一个用户名和密码更改UID。 (一个密码的概念是不以任何方式被内核识别 - 它只存在于用户空间。)为了从一个非root UID切换到另一个,则必须通过<$成为root作为一个中间步骤,通常C $ C>执行exec() -uting一个setuid二进制文件。
No, there is no way to change UID using only a username and password. (The concept of a "password" is not recognized by the kernel in any fashion -- it only exists in userspace.) To switch from one non-root UID to another, you must become root as an intermediate step, typically by exec()-uting a setuid binary.
在您的情况另一种选择可能是有主服务器运行作为非特权用户,并有其与后端进程以root身份运行沟通。
Another option in your situation may be to have the main server run as an unprivileged user, and have it communicate with a back-end process running as root.
这篇关于setuid的相当于非root用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
