chmod - 可执行文件的权限
我必须使用 os.chmod
更改可执行文件的文件权限。
我有这个可执行文件,我想更改它的权限,以便它无法写入任何地方,只能读取和执行。
我怎样才能做到这一点?
谢谢,
鲁比克
I have to change file permissions on an executable file, using os.chmod
.
I have this executable and I want to change its permissions so that it can write nowhere, only reading and executing.
How can I do that?
Thanks,
rubik
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
您可以使用 chmod 在文件上设置的权限会影响谁可以读取/写入/执行该文件,而不是影响通过运行该文件创建的进程拥有的权限。
在 Unix 上,您可以通过使用文件所有者和粘滞位并在文件系统上拥有适当的权限来获得某种形式的保护,但这并不容易做到,并且在 Windows 上不起作用(那里没有粘滞位)。
The permissions you can set on a file with
chmod
affect who can read from/write to/execute that file, not what privileges the process created by running that file has.On Unix you could get some form of protection by playing with the file owner and the sticky bit, and having appropriate permissions on your filesystem, but that's not easy to get right and doesn't work on Windows (no sticky bit there).
这不是 chmod 的工作原理 - 它设置文件本身的权限,它不能限制可执行文件可以写入。
That's not how
chmod
works - it sets permissions on the file itself, it can't restrict what an executable can write to.某些 Linux 或 Unix 系统用来禁止可执行文件写入内容的解决方法是为没有权限(几乎“不存在”)的用户设置可执行文件 setuid,例如
nobody
用户(例如在 Debian 或 Ubuntu 中)。请小心并阅读有关 seteuid & 的更多信息。 setreuid & 功能 & 凭证 (我不知道所有这些系统调用是否都有 pythonic 接口)。A workaround used by some Linux or Unixes to forbid an executable to write something is to make that executable setuid to a user which has no permission (which nearly "don't exist"), such as the
nobody
user (e.g. in Debian or Ubuntu). Be careful and read more about seteuid & setreuid & capabilities & credentials (and I don't know precisely if all these syscalls have a pythonic interface).