访问另一个用户的 D-Bus 会话
让我们假设这种情况:我们有一个用户登录,通过 sudo 或 su 执行某个应用程序。该用户已运行 dbus-daemon。
然而,当以root权限运行的应用程序尝试访问D-Bus时,它只会生成另一个由root用户拥有的dbus-daemon。这不是我们想要的情况。
有没有办法获得通过 sudo 或 su 运行应用程序的用户的 D-Bus 会话的访问权限?
Let's assume this kind of situation: we have one user logged in, executing some application through sudo or su. This user has got a dbus-daemon running.
However, when an application running with root privileges tries to access D-Bus, it just spawns another dbus-daemon, owned by root user. That's not a desired situation.
Is there a way to gain access to D-Bus session of user who ran the application through sudo or su?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
如果您使用的是 systemd 发行版,相对较新
machinectl shell 命令可以完成su/sudo的工作,它还会设置会话变量,如XDG_RUNTIME_DIR和DBUS_SESSION_BUS_ADDRESS。例如,如果我想以用户test身份运行systemctl --user,正常方法将失败:但这种方法有效:
如果您需要“返回”在调用 sudo 脚本的用户会话中,您可以使用
SUDO_USER/SUDO_UID来一起破解某些内容。If you're on a systemd distro, the relatively new
machinectl shellcommand can do the work ofsu/sudo, and it will also set session variables likeXDG_RUNTIME_DIRandDBUS_SESSION_BUS_ADDRESS. So for example, if I want to runsystemctl --useras usertest, the normal approach will fail:But this way works:
If you need to "reach back" into the user session that invoked a sudo script, you could use the
SUDO_USER/SUDO_UIDto hack something together.首先,当使用
su或sudo调用应用程序时,您需要保留DBUS_SESSION_BUS_ADDRESS环境变量。不幸的是,这还不够,因为 DBus 总是检查(作为安全措施)调用进程和会话守护进程的 UID 是否相同。唯一的解决方法是在连接到会话总线之前从此应用程序调用seteuid。然后您可以使用seteuid(0)重新获得您的权限。First, you need
DBUS_SESSION_BUS_ADDRESSenvironment variable to be preserved when invoking application withsuorsudo. Unfortunately, this is not enough, because DBus always checks (as a security measure) whether UIDs of the calling process and the session daemon are the same. The only workaround is to callseteuidfrom this application before connecting to the session bus. You can regain your privileges then withseteuid(0).