以Root身份运行Java程序的一部分 [英] Running a part of a Java Program as Root

问题描述

全部，

我想以root身份运行我的Java程序的一部分。只有一个特定的函数作为root。程序的其他部分应该以启动程序的用户权限运行。我想只以root身份运行下面的代码，而另一个原样运行。这是因为我在使用ROOT权限运行时会看到此代码的不同行为。

I want to run a part of my Java program as root. Only one particular function as root. The other part of the programs should run with the user privileges with which the program was started. I want to run only the below code as root and the other as it is. This is because I see different behavior for this code when it runs with ROOT privileges.

 try
    {
         addr = Inet6Address.getByName(host);
         isReachable = addr.isReachable(20*1000);
    } catch (UnknownHostException e)

提前致谢

推荐答案

Java程序没有可移植的方式来更改有效的用户ID;即从使用root权限运行更改为另一个用户。 （即使在C语言中，应用程序也无法在特权和非特权之间切换。权限切换是单向的。）

There is no portable way for a Java program to change the effective user id; i.e. change from running with root privilege to another user. (And even in C an application can't switch between privileged and non-privileged willy-nilly. Privilege switching is a one-way street.)

读取javadoc InetAddress.isReachable 使用不同的机制，具体取决于JVM进程的权限。但是， isReachable 使用的两种方法都不能正常工作;例如

Reading the javadoc for InetAddress.isReachable it does use different mechanisms depending on the JVM process's privilege. However, neither of the two approaches used by isReachable is guaranteed to work; e.g.

• 某些防火墙可能会选择性地阻止ICMP ECHO消息，


• 目标计算机可能没有运行端口7 ...或端口7上的Echo服务可能被防火墙锁定。

所以我会解决完全避免问题。只是尝试做任何你真正试图做的事情，忘记使用 isReachable 。或者，如果它在您的控制范围内，请修复机器/网络，以便两种机制都适用于您需要测试的机器。

So I would address avoid issue entirely. Just try to do whatever it is that you are really trying to do, and forget about using isReachable. Or if it is within your control, fix the machines / networks so that both mechanisms work for the machines you need to test.

@Geek - 您说您无法测试特定端口，因为它们可以被阻止。那么任何都可以被阻止，包括ICMP PING，ICMP ECHO以及你可能用来测试主机是否可以访问的任何其他东西。

@Geek - you say that you can't test particular ports because they can be blocked. Well anything can be blocked, including ICMP PING, ICMP ECHO and anything else that you might use to test if the host is reachable.

那里只有一件事真的很重要：您能否与您实际将要使用的服务进行对话。并且只有一种方法可以找到：尝试使用它。

There is only one thing that really matters: can you talk to the service that you are actually going to use. And there is only one way to find out: try to use it.

或者用另一种方式说，测试主机是否可用是没有意义的。主机不可用：具体服务是。

Or to say it another way, testing if a host is available doesn't make sense. Hosts are not available: specific services are.

这篇关于以Root身份运行Java程序的一部分的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！