以编程方式提升 Linux 上的权限
我正在创建一个应该在 Linux 上运行的图形安装程序。安装应包括将文件复制到 /usr 中的某些位置。目前安装程序是用 Python 编写的。
当我需要复制文件时,如何提升安装程序的权限?我查看了 PolicyKit 但
- a)似乎没有通用的“安装”文件”action-id for PolicyKit
- b) 我可以使用的操作 id,我不认为它们是跨发行版的标准
我还查看了 PAM,我有使用 libpam 的代码,但我似乎无法用它做任何事情。验证我的用户身份(通过提供用户名和密码)后,我没有 /usr 的写入权限。我尝试在身份验证后使用 os.setuid(0) 更改我的用户,但我从操作系统收到错误。
另外,奇怪的是,我向 pam_start 提供什么服务似乎并不重要。只要用户名和密码正确,我就可以传递任何我想要的内容。我看到我有 /etc/pam.d/sudo。下面的代码经过简化,密码正确存储在 pam_conversation 对象中,并且我确实传递了一个句柄对象。
pam_start("my_user", "my_pass", "sudo_garbage_12345");
效果一样好,也就是说
pam_start("my_user", "my_pass", "sudo");
,它们都成功了。
作为最后的手段,我可能可以执行 gksudo 或 kdesudo 但我不想被这些程序束缚。要求用户使用 sudo 调用我的安装程序是(非常)最后的手段。
I am creating a graphical installer that should run on Linux. Installing should consist of copying files to some places in /usr. Currently the installer is written in Python.
How can I escalate the privileges of my installer when I need to copy files? I looked at PolicyKit but
- a) there doesn't seem to be a generic "install files" action-id for PolicyKit
- b) of the action ids I can use, I don't think they are standard across distros
I also looked at PAM and I have code that uses libpam but I can't seem to do anything with it. After authenticating my user (by providing username and password) I don't have write access to /usr. I tried changing my user with os.setuid(0) after authentication but I get an error from the OS.
Also, strangely, it doesn't seem to matter what service I provide to pam_start. As long as the username and password are correct I can pass anything I want. I see I have /etc/pam.d/sudo. The below code is simplified, the password is correctly stored in a pam_conversation object and I do pass a handle object.
pam_start("my_user", "my_pass", "sudo_garbage_12345");
works just as well as
pam_start("my_user", "my_pass", "sudo");
That is, they both succeed.
As a last resort I can probably execute gksudo or kdesudo but I don't want to be tied to those programs. Requiring users to invoke my installer with sudo is a (very) last resort.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
您最好使用前端封装 RPM,该前端接受用户选项并调用 RPM 来完成艰苦的工作。这还为您提供了管理依赖项的基础设施,并与现有的包管理系统很好地配合。如果您需要在基于 .deb 的系统(Debian 或 Ubuntu)上运行,您可能还需要构建 .deb 并在前端放置一些机制来确定哪个包管理系统处于活动状态。
在 Linux 或 Unix 系统(或任何多用户系统)上,授予随机用户 root 权限通常被视为不好的形式,因为这是一个重大的安全风险。但是,如果用户没有 root 访问权限或允许写入系统区域的 sudo 权限,您可以选择让用户将其安装在其主目录 (
~/bin) 下。在这种情况下,如果他们想安装在 /usr/bin 中,您可以要求他们以 root 身份安装它,但如果他们没有 root 权限,则允许他们将其安装在自己的主目录下供自己使用。You might be better off wrapping RPM with a front end that takes the user options and invokes RPM to do the hard work. This also gives you infrastructure for managing dependencies and plays nicely with the existing package management system. If you need to run on a .deb based system (Debian or Ubuntu) you may also need to consturct a .deb and put some mechanism in the front end that works out which package management system is active.
Granting random users access to root privilege is generally viewed as bad form on Linux or Unix systems (or any multi-user system for that matter) as it is a significant security risk. However you do have the option of letting the user install it under their home directory (
~/bin) if they don't have root access or sudo permissions that allow them to write to system areas. In this case you can require them to install it as root if they want to install in /usr/bin but permit them to install it under their home directory for their own use if they don't have root privileges.对于图形安装程序,请坚持使用图形环境。如果可用,请使用 gksudo 或 kdesudo,否则会失败并显示错误对话框,提示它们需要 root。人们(尤其是新手)会下载您的安装程序并双击以从桌面启动它,您需要一种图形方式来询问他们的密码。您不想在它们上打开终端。
鉴于此,即使它们是从终端运行,也不要为它们执行 sudo。只需输出一个错误,说明您需要 root 并退出。如果用户已经处于命令提示符处(就像我最有可能的那样),如果我想这样做,我已经知道如何 sudo 或 su 进入 root 权限。我向你保证,如果你试图让经验丰富的用户root,而他们自己可以做到这一点,你很可能会惹恼一些人。
如果您坚持在安装程序中自己执行 sudo,那么看在上帝的份上,请在删除之前的时间戳之前强制执行“sudo -K”。如果你不这样做,并且我最近使用了 sudo,那么你将在我不知情的情况下以 root 身份运行你的安装程序(因为我不希望这种情况发生)。 “sudo -K”将强制出现提示,然后我可以决定是否要以 root 身份继续。
For a graphical installer, stick with a graphical environment. Use gksudo or kdesudo if they are available, otherwise fail with an error dialog saying they need root. People (newbies in particular) will download your installer and double-click to launch it from their desktop, and you need a graphical way to ask them for their password. You don't want to pop open a terminal on them.
Given that, don't do sudo for them even if they are running from the terminal. Just output an error saying you need root and exit. If the user is already at the command prompt (like I most likely would be), I already know how to sudo or su myself into root if I want to do so. I promise you you will most likely ruffle some feathers if you attempt to make an experienced user root when they can do it themselves.
If you INSIST on doing a sudo yourself from within your installer, for God's sake please force a 'sudo -K' before you do to remove the previous timestamp. If you don't do this, and I have sudo'd recently, you will run your installer with me as root without my knowledge (since I don't expect that to happen). A 'sudo -K' will force a prompt that I can then decide whether I want to proceed as root or not.
在这种情况下,最好的方法是在程序中使用
su。重定向输入/输出,一切顺利!The best way in this case is to use
suwithin your program. Redirect inputs/outputs and you're good to go!