以root特权调用C ++函数，而无需以root身份执行整个程序 [英] Calling a C++ function with root privileges, without executing the whole program as root

问题描述

此刻，我正在使用蓝牙LE和iBeacon设备. 我写了一个服务器，一直在寻找附近的信标.

At the moment I am playing around with bluetooth LE and iBeacon devices. I wrote an Server that keeps looking for nearby beacons.

我的服务器遵循以下示例(链接)

My server follows this example (Link)

不幸的是调用了该函数:

Unfortunately calling the function:

hci_le_set_scan_parameters()

需要root特权.

由于我不想以root特权运行整个服务器，所以我想问问是否有可能仅以root特权调用此函数?

As I don't want to run the whole server with root privileges I wanted to ask if there is any possibility for calling only this function with root privileges?

我知道执行程序时要求sudo总是有问题的，我找不到扫描iBeacons的任何其他可能性. 如果还有另一种可能性，我也很高兴听到.

I am aware that asking for sudo when executing a program is always at least questionable I could not find any other possibility to scan for iBeacons. If there is another possibility I am happy to hear about it as well.

感谢您的帮助和亲切的问候

Thanks for your help and kind regards

nPLus

推荐答案

根据POSIX，UID/GID是 process 属性.流程中的所有代码都是使用当前为整个流程设置的UID/GID执行的.

According to POSIX, UID/GID are process attributes. All code inside your process is executed with UID/GID currently set for the whole process.

您可以以root用户身份启动服务器，并立即放弃root用户特权.然后，您可以使用 seteuid(2) 临时获得root特权.在执行功能时.

You could start server as root and immediately drop root privileges. Then, you can temporary gain root privileges using seteuid(2) when executing your function.

另请参见此答案.

您还只能获得选定的 capabilities(7) 代替(临时或永久).

You can also gain only selected capabilities(7) instead (temporary or permanently).

线程安全说明

AFAIK，在Linux UID/GID上是每个线程的属性，可以将它们设置为单线程，请参见seteuid()手册页中的NOTES部分和

AFAIK, on Linux UID/GID are per-thread attributes and it's possible to set them for single thread, see NOTES section in seteuid() man-page and this post.

这篇关于以root特权调用C ++函数，而无需以root身份执行整个程序的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！