如何使用 jsvc 以 root 身份执行操作?

发布于 2024-11-25 11:54:44 字数 2796 浏览 2 评论 0原文

我正在尝试使用 jsvc 来创建一个守护进程,听起来某些事情可以用 root 身份完成(例如,Tomcat 显然可以绑定到特权端口)。我想知道的是如何做到这一点。

在我的简单守护程序中,我尝试打开一些在 init() 过程中只能以 root 身份读取的文件,但我已经以当时选择的用户身份运行(在我的例子中, “没有人”)。如果 Tomcat 可以绑定到特权端口,那么我似乎应该能够打开 root 拥有的配置文件。

我是否正在尝试做一些 jsvc 不适合的事情,或者我只是错过了一些东西?

我的代码:

public class MediaProcessorDaemon implements Daemon {

    ClassPathXmlApplicationContext spring = null;

    /*- (non-Javadoc)
     * @see org.apache.commons.daemon.Daemon#init(org.apache.commons.daemon.DaemonContext)
     */
    @Override
    public void init(DaemonContext context) throws DaemonInitException, Exception {
        /* This next line throws an exception */
        this.spring = new ClassPathXmlApplicationContext("/META-INF/spring/media-processor-context.xml");
    }

    /*- (non-Javadoc)
     * @see org.apache.commons.daemon.Daemon#start()
     */
    @Override
    public void start() throws Exception {
        this.spring.start();
    }

    /*- (non-Javadoc)
     * @see org.apache.commons.daemon.Daemon#stop()
     */
    @Override
    public void stop() throws Exception {
        if (this.spring != null) {
            this.spring.stop();
        }
    }

    /*- (non-Javadoc)
     * @see org.apache.commons.daemon.Daemon#destroy()
     */
    @Override
    public void destroy() {
        if (this.spring != null) {
            this.spring.close();
        }
    }
}

和错误消息:

org.springframework.beans.factory.BeanInitializationException: Could not load properties; nested exception is java.io.FileNotFoundException: /etc/media/media-processor.properties (Permission denied)
        at org.springframework.beans.factory.config.PropertyResourceConfigurer.postProcessBeanFactory(PropertyResourceConfigurer.java:78)
        at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:663)
        at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:638)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:407)
        at org.springframework.context.support.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java:139)
        at org.springframework.context.support.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java:83)
        at com.mycompany.mediaprocessor.MediaProcessorDaemon.init(MediaProcessorDaemon.java:24)
[snip]

所以在 init() 中,我试图打开一个只能由 root 读取的文件(/etc/media/media-processor.properties),并且我收到“权限被拒绝”。

我这样执行:

sudo jsvc -debug -user nobody -cp $classPath com.mycompany.MediaProcessorDaemon

I'm trying to use jsvc to make a daemon process, and it sounds like certain things can be done as root with it (for example, Tomcat can apparently bind to privileged ports). What I'm wondering is how to do that.

In my simple Daemon program, I try to open some files that are only readable as root during the init() process, but I'm already running as the user I selected by then (in my case, "nobody"). If Tomcat can bind to privileged ports, it seems like I should be able to open root-owned config files.

Am I trying to do something that jsvc isn't meant for, or am I just missing something?

My code:

public class MediaProcessorDaemon implements Daemon {

    ClassPathXmlApplicationContext spring = null;

    /*- (non-Javadoc)
     * @see org.apache.commons.daemon.Daemon#init(org.apache.commons.daemon.DaemonContext)
     */
    @Override
    public void init(DaemonContext context) throws DaemonInitException, Exception {
        /* This next line throws an exception */
        this.spring = new ClassPathXmlApplicationContext("/META-INF/spring/media-processor-context.xml");
    }

    /*- (non-Javadoc)
     * @see org.apache.commons.daemon.Daemon#start()
     */
    @Override
    public void start() throws Exception {
        this.spring.start();
    }

    /*- (non-Javadoc)
     * @see org.apache.commons.daemon.Daemon#stop()
     */
    @Override
    public void stop() throws Exception {
        if (this.spring != null) {
            this.spring.stop();
        }
    }

    /*- (non-Javadoc)
     * @see org.apache.commons.daemon.Daemon#destroy()
     */
    @Override
    public void destroy() {
        if (this.spring != null) {
            this.spring.close();
        }
    }
}

And the error message:

org.springframework.beans.factory.BeanInitializationException: Could not load properties; nested exception is java.io.FileNotFoundException: /etc/media/media-processor.properties (Permission denied)
        at org.springframework.beans.factory.config.PropertyResourceConfigurer.postProcessBeanFactory(PropertyResourceConfigurer.java:78)
        at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:663)
        at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:638)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:407)
        at org.springframework.context.support.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java:139)
        at org.springframework.context.support.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java:83)
        at com.mycompany.mediaprocessor.MediaProcessorDaemon.init(MediaProcessorDaemon.java:24)
[snip]

So in init(), I'm trying to open a file which is readable only by root (/etc/media/media-processor.properties), and I'm getting "Permission denied".

I execute it like this:

sudo jsvc -debug -user nobody -cp $classPath com.mycompany.MediaProcessorDaemon

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。
列表为空,暂无数据
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文