访问其他用户的D-Bus会话 [英] Access another user's D-Bus session

问题描述

让我们假设这种情况：我们有一个用户登录，通过 sudo 或 su 执行某些应用程序。该用户正在运行 dbus-daemon 。

但是，当具有root特权的应用程序尝试访问D-Bus时，它只会生成另一个 dbus守护程序，由root用户拥有。

Let's assume this kind of situation: we have one user logged in, executing some application through sudo or su. This user has got a dbus-daemon running.
However, when an application running with root privileges tries to access D-Bus, it just spawns another dbus-daemon, owned by root user. That's not a desired situation.

是否有一种方法可以访问通过 sudo运行应用程序的用户的D-Bus会话或 su ？

Is there a way to gain access to D-Bus session of user who ran the application through sudo or su?

推荐答案

首先，使用 su 或调用应用程序时，需要保留 DBUS_SESSION_BUS_ADDRESS 环境变量sudo 。不幸的是，这还不够，因为DBus始终（作为安全措施）检查调用进程和会话守护程序的UID是否相同。唯一的解决方法是在连接到会话总线之前，从此应用程序调用 seteuid 。然后可以使用 seteuid（0）重新获得特权。

First, you need DBUS_SESSION_BUS_ADDRESS environment variable to be preserved when invoking application with su or sudo. Unfortunately, this is not enough, because DBus always checks (as a security measure) whether UIDs of the calling process and the session daemon are the same. The only workaround is to call seteuid from this application before connecting to the session bus. You can regain your privileges then with seteuid(0).

这篇关于访问其他用户的D-Bus会话的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！