以 root 身份运行 Java 程序的一部分
所有,
我想以 root 身份运行我的 Java 程序的一部分。作为 root,只有一项特定功能。程序的其他部分应以程序启动时的用户权限运行。我只想以 root 身份运行以下代码,而其他代码则按原样运行。这是因为当该代码以 ROOT 权限运行时,我发现该代码有不同的行为。
try
{
addr = Inet6Address.getByName(host);
isReachable = addr.isReachable(20*1000);
} catch (UnknownHostException e)
提前致谢
All,
I want to run a part of my Java program as root. Only one particular function as root. The other part of the programs should run with the user privileges with which the program was started. I want to run only the below code as root and the other as it is. This is because I see different behavior for this code when it runs with ROOT privileges.
try
{
addr = Inet6Address.getByName(host);
isReachable = addr.isReachable(20*1000);
} catch (UnknownHostException e)
Thanks in advance
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
Java 程序没有可移植的方法来更改有效用户 ID;即从以 root 权限运行更改为另一个用户。 (即使在 C 语言中,应用程序也无法随意在特权和非特权之间切换。特权切换是一条单向街。)
阅读
InetAddress.isReachable它确实根据 JVM 进程的权限使用不同的机制。但是,isReachable使用的两种方法都不能保证有效。例如,所以我会完全解决避免问题。只要尝试做您真正想做的事情,而忘记使用
isReachable。或者,如果它在您的控制范围内,请修复机器/网络,以便两种机制都适用于您需要测试的机器。@Geek - 你说你无法测试特定端口,因为它们可能被阻止。嗯,任何都可以被阻止,包括 ICMP PING、ICMP ECHO 以及您可能用来测试主机是否可访问的其他任何内容。
只有一件事真正重要:您能否与您实际要使用的服务进行对话。只有一种方法可以找到答案:尝试使用它。
或者换句话说,测试主机是否可用是没有意义的。主机不可用:特定服务可用。
There is no portable way for a Java program to change the effective user id; i.e. change from running with root privilege to another user. (And even in C an application can't switch between privileged and non-privileged willy-nilly. Privilege switching is a one-way street.)
Reading the javadoc for
InetAddress.isReachableit does use different mechanisms depending on the JVM process's privilege. However, neither of the two approaches used byisReachableis guaranteed to work; e.g.So I would address avoid issue entirely. Just try to do whatever it is that you are really trying to do, and forget about using
isReachable. Or if it is within your control, fix the machines / networks so that both mechanisms work for the machines you need to test.@Geek - you say that you can't test particular ports because they can be blocked. Well anything can be blocked, including ICMP PING, ICMP ECHO and anything else that you might use to test if the host is reachable.
There is only one thing that really matters: can you talk to the service that you are actually going to use. And there is only one way to find out: try to use it.
Or to say it another way, testing if a host is available doesn't make sense. Hosts are not available: specific services are.
权限分离在 JAVA 中是不可能的,因为它在不同操作系统中的工作方式非常不同。
解决您的问题的一种可能方法是尝试 TCP 连接。您可以捕获 IOException,其中包含附加信息。这是高度依赖于平台的,所以要明智地解释它们。
Privilege separation is not possible in JAVA as it works very diffrent ways in different OS's.
A possible way to solve yor problem is a TCP connection attempt. You can catch the IOException which will contain additional information. This is highly platform-dependant, so be smart about interpreting them.
要以其他权限运行程序的某些部分,您将需要 JNI 和系统相关调用。更简单的方法是使用 ProcessBuilder 或 Runtime.exec 调用外部程序:
这需要在 sudoers 配置文件中添加合适的条目(对于其他系统和/或其他版本的 ping 可能还有其他参数) 。
但正如其他人所说,通过 ping 可达性并不等于您想要使用的服务是可达的。
For running parts of a program with other privileges, you would need JNI and system dependent calls. Easier would be to simply call an external program with ProcessBuilder or Runtime.exec:
This would need a suitable entry in the
sudoersconfiguration file (and for other systems and/or other versions of ping maybe other parameters).But as the others said, reachability by ping is not equivalent to the service you want to use is reachable.