Re: Access permissions on users' home directories
On Thu, Nov 24, 2005 at 07:19:23PM +0800, William Xu wrote:
> Ming Hua <minghua@rice.edu> writes:
>
> > On Thu, Nov 24, 2005 at 10:17:38AM +0800, William Xu wrote:
>
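> >> Also, suppose some user programs need root privileges to run (for example,
> >> the bind function in C). How can those privileges be granted to them in a limited way?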
> >
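> > sudo can restrict users to running only certain specific programs and accessing
> > only certain specific files (devices, directories) with root privileges.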
>
> If these programs and files are themselves owned by root, sudo can indeed solve this.
>
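> But the problem is that for something like the bind function, which lives inside
> program code, sudo won't work, will it? Or, to be more specific: user A wants to write
> a program on the machine that needs to use the bind function, and only root can run
> programs that use bind...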
>
[Sorry for the English reply]
The key question is whether the program is meant to be run by non-root
users. If the program should only be run by root, you do not have to
do anything special. If the program is designed to be used by non-root
users, you have some choices: (a) make the program setuid to root, you
should be very careful to manage the privilege of the program, which is
not an easy task; or (b) you can write a small setuid-root program to
bind the socket, and then drop privileges and invoke the main program
as a non-root user.
For development, you can test/debug your program with a non-privileged
port number.
Qingning
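
Option (b) from the reply above, as an added example that is not part of the original thread: a small launcher meant to be installed setuid-root that binds the port, permanently returns to the invoking user's ids, and only then executes the main program. `PORT`, `PROGRAM` and the fd 3 hand-off are hypothetical choices made for this sketch; they are fixed at build time so that callers cannot pick the port or the target binary.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define PORT      80                        /* hypothetical privileged port */
#define PROGRAM   "/usr/local/bin/myserver" /* hypothetical main program */
#define LISTEN_FD 3   /* assumed convention: program finds the socket on fd 3 */

/* Bind and listen on a TCP port; returns the socket fd, or -1 on error. */
int bind_port(unsigned short port) {
    int fd = socket(AF_INET, SOCK_STREAM, 0), one = 1;
    struct sockaddr_in sa;
    if (fd < 0) return -1;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons(port);
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Return permanently to the invoking user's ids. Group first: once the uid
 * is dropped the process may no longer change its gid. Returns 0 on success. */
int drop_privileges(void) {
    uid_t uid = getuid();
    if (setgid(getgid()) != 0 || setuid(uid) != 0) return -1;
    if (geteuid() != uid) return -1;
    if (uid != 0 && setuid(0) == 0) return -1; /* root must be unrecoverable */
    return 0;
}

int main(int argc, char **argv) {
    int fd = bind_port(PORT);               /* the only step that needs root */
    (void)argc;
    if (fd < 0) { perror("bind"); return 1; }
    if (drop_privileges() != 0) { fputs("cannot drop root\n", stderr); return 1; }
    if (fd != LISTEN_FD && (dup2(fd, LISTEN_FD) < 0 || close(fd) < 0)) return 1;
    execv(PROGRAM, argv);                   /* runs as the invoking user */
    perror("execv");
    return 1;
}
```

Every return value on the drop path is checked because a failed `setuid()` that goes unnoticed would leave the main program running as root.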