当前位置: 文江博客话题详情

我需要授予 java 应用程序超级用户访问权限以查看 Mac 上受保护的文件

发布于 2024-12-04 13:23:56 字数 110 浏览 2 评论 0原文

如上所述。 我浏览了网络,还拨打了 mac 支持并惹恼了一位 mac (OSX Lion) 天才(出于绝望)。 我不知道如何做到这一点,我真的不想坐在终端上并给它命令。 有没有人遇到过这个或者有解决方案?

原文

As above.
I have scoured the web, i also rang mac support and annoyed a mac (OSX Lion) genius (out of desperation).
I have no idea how to do this, I really don't want to have to sit on top of a terminal and give it commands.
Has any one encountered this or got a solution?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

朱染 2024-12-11 13:23:56

尝试查看 Greg Guerin 的 AuthKit 库。它是一个特定于 Mac 的库,包装了 Mac OS X 授权服务

下面是一个示例:

import glguerin.authkit.*;

Privilege priv = new Privilege("system.privilege.admin");
Authorization auth = new MacOSXAuthorization();

try
{
  // This will cause an authentication prompt to be
  // shown to the user, requesting the "system.privilege.admin"
  // privilege.
  auth.authorize(priv, true);

  // If we reach this point, we can execute privileged programs.

  // Load the secured file.
  Process proc = auth.execPrivileged(new String[] { "/bin/cat", "/root/securefile" });
  InputStream inputStream = proc.getInputStream();

  // Use standard I/O mechanisms to read the input.
}
catch (UnauthorizedCancellation e)
{
  // User chose not to authorize the application.
  // Handle appropriately.
}

auth.authorize() 调用将导致标准的“请输入您的密码以允许程序 X 进行更改”对话框。如果需要,用户可以取消,从而导致抛出 glguerin.authkit.UnauthorizedCancellation

Mac OS X 授权提示的屏幕截图

此解决方案比使用 sudosetuid:它仅以 root 身份运行必要 任务。

最后一个问题:AuthKit 的默认 JNI 加载器使用 Cocoa/Java 桥接器,该桥接器是从 Mac OS X 中删除为的雪豹。因此,在最新版本的 Mac OS X 上,上面的代码将失败并显示 UnsatisfiedLinkError。要解决此问题,请使用以下方法:

// Put this class somewhere:
public class AuthKitLibLoader extends LibLoader
{
  @Override
  protected File makeFallbackDir()
  {
    return new File(".");
  }
}

// Then, before calling AuthKit (using the above example), do this:

// Hook in our "Snow Leopard-safe" extension to AuthKit (see below).
System.setProperty("glguerin.util.LibLoader.imp", AuthKitLibLoader.class.getName());

最后,请务必阅读 AuthKit 文档 了解更多详细信息。

Try looking at Greg Guerin's AuthKit library. It is a Mac-specific library that wraps Mac OS X Authorization Services.

Here is an example:

import glguerin.authkit.*;

Privilege priv = new Privilege("system.privilege.admin");
Authorization auth = new MacOSXAuthorization();

try
{
  // This will cause an authentication prompt to be
  // shown to the user, requesting the "system.privilege.admin"
  // privilege.
  auth.authorize(priv, true);

  // If we reach this point, we can execute privileged programs.

  // Load the secured file.
  Process proc = auth.execPrivileged(new String[] { "/bin/cat", "/root/securefile" });
  InputStream inputStream = proc.getInputStream();

  // Use standard I/O mechanisms to read the input.
}
catch (UnauthorizedCancellation e)
{
  // User chose not to authorize the application.
  // Handle appropriately.
}

The auth.authorize() call will cause the standard "Please enter your password to allow program X to make changes" dialog. The user can cancel if desired, causing glguerin.authkit.UnauthorizedCancellation to be thrown.

screen shot of Mac OS X authorization prompt

This solution has a huge advantage over using sudo or setuid: it only runs the necessary tasks as root.

One last gotcha: the default JNI loader for AuthKit uses the Cocoa/Java bridge, which was removed from Mac OS X as of Snow Leopard. So on recent versions of Mac OS X, the code above will fail with UnsatisfiedLinkError. To work around this, use the following:

// Put this class somewhere:
public class AuthKitLibLoader extends LibLoader
{
  @Override
  protected File makeFallbackDir()
  {
    return new File(".");
  }
}

// Then, before calling AuthKit (using the above example), do this:

// Hook in our "Snow Leopard-safe" extension to AuthKit (see below).
System.setProperty("glguerin.util.LibLoader.imp", AuthKitLibLoader.class.getName());

Finally, be sure to read the AuthKit documentation for more detail.

回复 原文
泅人 2024-12-11 13:23:56

如果您以 root 用户身份运行应用程序,则应用程序将拥有对所有内容的完全访问权限。

然而,这是一个危险操作,因为它赋予应用程序完全权限

另一种选择是以具有相关文件所需权限的用户身份运行它。这可以通过将用户或文件放入适当的组来完成。

If you run the application as the root user, the application will have full access to everything.

This is a dangerous operation however because it gives the application full privileges.

Another option would be to run it as a user that has the needed permissions to the files in question. This can be done by putting the user or the files in the appropriate group.

回复 原文
ゞ花落谁相伴 2024-12-11 13:23:56

您可能需要将应用程序设置为 root。

> su
Enter password:
> chown root:wheel myJavaApp
> chmod ug+s myJavaApp
> exit

现在,每当wheel组中的某人运行myJavaApp时,它将以其所有者(root)身份运行。只要确保您在wheel组(或任何其他组)中

或者,您可以chmod a+s myJavaApp ...但这会让任何人以root身份运行该程序。我会仔细考虑一下。

You probably need to SETUID the application to root.

> su
Enter password:
> chown root:wheel myJavaApp
> chmod ug+s myJavaApp
> exit

Now whenever someone in the wheel group runs myJavaApp, it will run as its owner (root). Just make sure you're in the wheel group (or whatever other group)

Alternatively, you could chmod a+s myJavaApp ... but that would let ANYONE AT ALL run the program as root. I would think carefully about that.

回复 原文
~没有更多了~

关于作者

梦幻之岛

暂无简介

0 文章
0 评论
26 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

Gabu-gabumon

文章 0 评论 0

qq_CgiN62

文章 0 评论 0

荔枝明

文章 0 评论 0

赏烟花じ飞满天

文章 0 评论 0

独守阴晴ぅ圆缺

文章 0 评论 0

¤→小豸慧

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文