在不同版本的 Linux 下以编程方式提升权限的最佳方法?
有一种标准方法(跨 Linux 发行版工作)来启动一个进程(从另一个应用程序),要求输入 root 密码以提升权限?
我尝试使用gksudo(默认安装在ubuntu中),但在其他发行版(或其他桌面管理器)下可能无法安装。
There is a standard way (working across Linux distributions) to launch a process (from another application) asking for the root password in order to elevate privileges?
I tried to use gksudo (it is installed in ubuntu by default), but under other distributions (or under other desktop manager) it may not be installed.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
我建议查看 PolicyKit 这是大多数现代发行版用来实现此目的的方法。
I would recommend looking at PolicyKit which is what most modern distros are using to accomplish this.
这在任何地方都有效,但不会缓存密码,并要求 root 而不是用户密码(如
sudo所做的那样):编辑:不禁用 root 帐户的 ubuntu。 也许你需要这样的东西:
That works everywhere but does not cache the password and asks for the root and not the user password (as
sudodoes):EDIT: Not on ubuntu where the root-account is disabled. Probably you need something like that:
唯一默认的是文本模式 su。 大多数发行版还安装了 sudo。
现在,在基于 KDE 的发行版中,您将拥有 kdesu,而在基于 GNOME 的发行版中,它将是 gksu 和 gksudo。 Kerberized 域中的计算机具有 ksu。
您可以尝试使用 /etc/sysconfig/desktop 来查看哪个是默认桌面。
The only default thing is text mode su. Most distros have also sudo installed.
Now, in KDE based distros you'll have kdesu, while in GNOME based it'll be gksu and gksudo. Machines in Kerberized domains have ksu.
You might try to use
/etc/sysconfig/desktopto see which is the default desktop.传统上,如果您的应用程序需要允许用户提升权限,它会安装自己的单一用途
setuid可执行文件——单一用途意味着它执行所需的任务,而不是充当通用启动器。OTOH setuid 可执行文件也是安全漏洞的常见来源,因此请务必小心。
Traditionally, if your application needs to allow a user to elevate privileges, it installs its own single-purpose
setuidexecutable -- single-purpose meaning that it performs the task needed, instead of acting as a general-purpose launcher.OTOH setuid executables have also been a common source of security holes too, so exercise care.