删除 root 权限 [英] Dropping root privileges
问题描述
我有一个以 root 身份启动的守护进程(因此它可以绑定到低端口).初始化后,出于安全原因,我非常希望它放弃 root 权限.
I have a daemon which gets started as root (so it can bind to low ports). After initialisation I'd very much like to have it drop root privileges for safety reasons.
谁能给我指出一段已知正确的 C 代码可以做到这一点?
Can anyone point me at a known correct piece of code in C which will do this?
我阅读了手册页,查看了不同应用程序中的各种实现,它们都不同,其中一些非常复杂.这是与安全相关的代码,我真的不想重蹈其他人的覆辙.我正在寻找的是一种最佳实践,众所周知的好,可移植的库函数,我可以在知道它会正确使用的情况下使用它.这种东西存在吗?
I've read the man pages, I've looked at various implementations of this in different applications, and they're all different, and some of them are really complex. This is security-related code, and I really don't want to reinvent the same mistakes that other people are making. What I'm looking for is a best practice, known good, portable library function that I can use in the knowledge that it's going to get it right. Does such a thing exist?
供参考:我以 root 身份开始;我需要更改为在不同的 uid 和 gid 下运行;我需要正确设置补充组;之后我不需要改回root权限.
For reference: I'm starting as root; I need to change to run under a different uid and gid; I need to have the supplementary groups set up correctly; I don't need to change back to root privileges afterwards.
推荐答案
您正在寻找这篇文章:
不知道如何最好地将一些信息放在那里而不复制该页面的内容......
Not sure how to best put some information there without duplicating the content of that page ...
这篇关于删除 root 权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!