Re: 用户家目录的访问权限问题

To: William Xu <william.xwl@gmail.com>
Cc: debian-chinese-gb@lists.debian.org
Subject: Re: 用户家目录的访问权限问题
From: Qingning Huo <qingningh@lanware.co.uk>
Date: Thu, 24 Nov 2005 14:13:44 +0000
Message-id: <20051124141344.GA10161@linuxdev3.dev.lanware.co.uk>
In-reply-to: <87fypm9ttw.fsf@williamxwl.com>
References: <871x16n60t.fsf@williamxwl.com> <20051124075155.GA7595@danube.mems.rice.edu> <87fypm9ttw.fsf@williamxwl.com>

On Thu, Nov 24, 2005 at 07:19:23PM +0800, William Xu wrote:
> Ming Hua <minghua@rice.edu> writes:
> 
> > On Thu, Nov 24, 2005 at 10:17:38AM +0800, William Xu wrote:
> 
> >> 另外，假如有些用户程序的运行需要 root 权限，(比如，C 里的 bind 函数),
> >> 如何有限地将这些权限放给他们呢？
> >
> > sudo 可以做到限制只能以 root 权限执行某些特定程序和访问某些特定文件 (设
> > 备、目录)。
> 
> 如果这些程序，文件本身是 root 所有，sudo 的确可以解决。
> 
> 可是，问题在于，像 bind 函数这种, 存在程序代码中的，sudo 就不行了吧。或
> 者我再具体一点，用户 A 要在机器上编写程序，里面需要用到 bind 函数，而只
> 有 root 才能运行用到 bind 的程序。。。
> 

[Sorry for the English reply]

The key question is whether the program is meant to be run by non-root
users.  If the program should only be run by root, you do not have to
do anything special.  If the program is designed to be used by non-root
users, you have some choices: (a) make the program setuid to root, you
should be very careful to manage the privilege of the program, which is
not an easy task; or (b) you can write a small setuid-root program to
bind the socket, and then drop priviledges and invoke the main program
as a non-root user.

For development, you can test/debug your program with a non-privileged
port number.

Qingning

Reply to:

Follow-Ups:
- Re: 用户家目录的访问权限问题
  - From: William Xu <william.xwl@gmail.com>

References:
- 用户家目录的访问权限问题
  - From: William Xu <william.xwl@gmail.com>
- Re: 用户家目录的访问权限问题
  - From: Ming Hua <minghua@rice.edu>
- Re: 用户家目录的访问权限问题
  - From: William Xu <william.xwl@gmail.com>

Prev by Date: xmms在播放歌曲时，如何即时删除不喜欢的歌曲？
Next by Date: Re: 如何按照顺序拷贝 mp3 到随身听？
Previous by thread: Re: 用户家目录的访问权限问题
Next by thread: Re: 用户家目录的访问权限问题
Index(es):
- Date
- Thread