以 root 权限调用 C++ 函数，而不以 root 身份执行整个程序 [英] Calling a C++ function with root privileges, without executing the whole program as root

问题描述

目前我正在玩蓝牙 LE 和 iBeacon 设备.我写了一个不断寻找附近信标的服务器.

At the moment I am playing around with bluetooth LE and iBeacon devices. I wrote an Server that keeps looking for nearby beacons.

我的服务器遵循这个例子(链接)

My server follows this example (Link)

不幸地调用了函数:

hci_le_set_scan_parameters()

需要root权限.

由于我不想以 root 权限运行整个服务器，所以我想问一下是否有可能仅以 root 权限调用此函数?

As I don't want to run the whole server with root privileges I wanted to ask if there is any possibility for calling only this function with root privileges?

我知道在执行程序时要求 sudo 总是至少有问题我找不到任何其他可能来扫描 iBeacons.如果还有另一种可能性，我也很高兴听到.

I am aware that asking for sudo when executing a program is always at least questionable I could not find any other possibility to scan for iBeacons. If there is another possibility I am happy to hear about it as well.

感谢您的帮助和亲切的问候

Thanks for your help and kind regards

nPlus

推荐答案

根据 POSIX，UID/GID 是 process 属性.进程中的所有代码都使用当前为整个进程设置的 UID/GID 执行.

According to POSIX, UID/GID are process attributes. All code inside your process is executed with UID/GID currently set for the whole process.

您可以以 root 身份启动服务器，然后立即放弃 root 权限.然后，您可以使用 seteuid(2) 临时获得 root 权限 在执行您的函数时.

You could start server as root and immediately drop root privileges. Then, you can temporary gain root privileges using seteuid(2) when executing your function.

另见这个答案.

您也只能获得选定的capabilities(7) 代替(临时或永久).

You can also gain only selected capabilities(7) instead (temporary or permanently).

线程安全注意事项

AFAIK，在 Linux 上 UID/GID 是每线程属性，可以为单线程设置它们，请参阅 seteuid() 手册页中的 NOTES 部分和这篇文章.

AFAIK, on Linux UID/GID are per-thread attributes and it's possible to set them for single thread, see NOTES section in seteuid() man-page and this post.

这篇关于以 root 权限调用 C++ 函数，而不以 root 身份执行整个程序的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！