Java 如何从 Eclipse 以超级用户身份运行我的应用程序?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/2580279/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How do I run my application as superuser from Eclipse?
提问by Ronald
I'm running in to an error when I try to run my server application from Eclipse. The error is java.net.BindException: Permission denied. I think this is because I am using port 443 to set up an SSL connection. I can get around this problem if I run my code on the command line using java and sudo. Is there a way to set up Eclipse so that when I hit the run button, my application is executed with sudo?
当我尝试从 Eclipse 运行我的服务器应用程序时遇到错误。错误是java.net.BindException: Permission denied。我认为这是因为我使用端口 443 来设置 SSL 连接。如果我使用 java 和 sudo 在命令行上运行我的代码,我可以解决这个问题。有没有办法设置 Eclipse,以便当我点击运行按钮时,我的应用程序使用 sudo 执行?
回答by Zoltán Ujhelyi
If you use External tools (Run menu/External tools or an icon next to the Run/Debug icons on the toolbar), you can use any scripts or whatever you like. The scripts may give you elevated rights, or whatever.
如果您使用外部工具(运行菜单/外部工具或工具栏上运行/调试图标旁边的图标),您可以使用任何脚本或您喜欢的任何内容。脚本可能会给你更高的权限,或者其他什么。
On the other hand, this way debugging the application can become very hard, as neither the Run nor Debug commands get associated with this External tool configuration. Maybe it is possible to connect the Eclipse debugger of the application, but I don't know, how that is possible.
另一方面,通过这种方式调试应用程序会变得非常困难,因为 Run 和 Debug 命令都不会与此外部工具配置相关联。也许可以连接应用程序的 Eclipse 调试器,但我不知道这怎么可能。
回答by ring bearer
Assuming you are on Linux (*nix), How about starting your eclipse session via a sudo command?
假设您在 Linux (*nix) 上,如何通过 sudo 命令启动您的 eclipse 会话?
Such as
如
sudo ~/eclipse/eclipse
Now whatever you do from eclipse will have the sudo context?
现在无论你在 eclipse 中做什么都会有 sudo 上下文?
回答by VonC
As mentioned in this thread:
如本主题所述:
In order to open a port below 1024 on Unix/Linux systems you need to be "root".
I also used the argument
-Dorg.eclipse.equinox.http.jetty.port=8080to change the listen port, but this seems to be ignored (according to the stacktrace)Please use "
-Dorg.osgi.service.http.port=8080".
为了在 Unix/Linux 系统上打开 1024 以下的端口,您需要成为“root”。
我还使用参数
-Dorg.eclipse.equinox.http.jetty.port=8080来更改监听端口,但这似乎被忽略了(根据堆栈跟踪)请使用“
-Dorg.osgi.service.http.port=8080”。
As mentioned in HTTP Service:
org.osgi.service.http.port- specifies the port number to use for the http serving. The default value for this property is 80 (which requires root permission), as per the OSGi specification.org.osgi.service.http.port.secure- specifies the port number to use for secure http serving. The default value for this property is 443 (which requires root permission), as per the OSGi specification.
org.osgi.service.http.port- 指定用于 http 服务的端口号。根据 OSGi 规范,此属性的默认值为 80(需要 root 权限)。org.osgi.service.http.port.secure- 指定用于安全 http 服务的端口号。根据 OSGi 规范,此属性的默认值为 443(需要 root 权限)。
Maybe if you try to modify that last property to a value above 1024 it could work without requiring any special privilege.
也许如果您尝试将最后一个属性修改为大于 1024 的值,它可以在不需要任何特殊权限的情况下工作。
回答by Stephen C
Another option would be to use iptables or ipfilter to forward port 80 to a port above 1024.
另一种选择是使用 iptables 或 ipfilter 将端口 80 转发到 1024 以上的端口。
(Can someone contribute a link to a practical and easy-to-understand explanation ?)
(有人可以提供一个实用且易于理解的解释的链接吗?)
回答by kagali-san
You may go this way
你可以走这条路
- create a Makefile with javac calls
- add the following line:
- 使用 javac 调用创建 Makefile
- 添加以下行:
setcap 'cap_net_admin=+ep' Server
setcap 'cap_net_admin=+ep' Server
- configure sudo to allow your Eclipse user to run setcap.
- 配置 sudo 以允许您的 Eclipse 用户运行 setcap。
So you will have a transparent debugging (no sudo wrapper - gdb ok). Cons: it is a local security breach.
所以你将有一个透明的调试(没有 sudo 包装器 - gdb ok)。缺点:这是一个本地安全漏洞。
Solution:
解决方案:
put this to /opt/my-stupid-eclipse
把它放到 /opt/my-stupid-eclipse
#!/bin/sh
setcap 'cap_net_admin=+ep cap_net_raw=+ep' $1
#!/bin/sh
setcap 'cap_net_admin=+ep cap_net_raw=+ep' $1
chmod +x this script and whitelist it on sudo config.
chmod +x 此脚本并将其列入 sudo 配置白名单。
username ALL=(ALL) NOPASSWD: /opt/my-stupid-eclipse
用户名 ALL=(ALL) NOPASSWD:/opt/my-stupid-eclipse
Add it to your makefile, specify path to your Server binary.
将其添加到您的 makefile,指定服务器二进制文件的路径。
Now you have pretty strange but secure script, that cannot be changed by other users... and still a little breach for replacing Server binary with any malicious code, that will gain caps, so no filename check/stricts will help.. can $1 be contaminated with bash commands, no? Guess, no.
现在你有一个非常奇怪但安全的脚本,它不能被其他用户更改......而且用任何恶意代码替换服务器二进制文件仍然有点违反,这将获得上限,因此没有文件名检查/严格会有所帮助......可以 $1被 bash 命令污染了,不是吗?猜猜,没有。
回答by Sean
A better answer, perhaps, if this serves your needs AND is possible, could be simple port redirection on your router.
也许更好的答案是,如果这满足您的需求并且是可能的,则可能是路由器上的简单端口重定向。
Instead of trying to force your linux/unix to open a reserved port, when you are only developing this now (not installing) and you want to run it in a debugger, set your router to redirect incoming (external) port 443 to a port that is more convenient for your current needs (say 4443).
不要试图强制你的 linux/unix 打开一个保留端口,当你现在只开发这个(不是安装)并且你想在调试器中运行它时,将你的路由器设置为将传入(外部)端口 443 重定向到一个端口这更适合您当前的需求(例如 4443)。
I think most routers support this, and if yours doesn't it gives your mum a good christmas or birthday present idea!
我认为大多数路由器都支持这一点,如果你的路由器不支持,它会给你的妈妈一个很好的圣诞节或生日礼物的主意!
回答by Eric Spencer
I am writing C not Java but this should work in either case. I use remote debug - define a "remote" connection to LOCALHOST which allows you to specify the user you will connect with, specify ROOT. Then define a Remote Application in debug configuration connection: LOCALHOST. Be sure to check "skip download to target path" at the bottom of the main tab as well as under the connection properties window.
我正在编写 C 而不是 Java,但这应该适用于任何一种情况。我使用远程调试 - 定义到 LOCALHOST 的“远程”连接,它允许您指定要连接的用户,指定 ROOT。然后在调试配置连接中定义一个远程应用程序:LOCALHOST。请务必选中主选项卡底部以及连接属性窗口下的“跳过下载到目标路径”。
回答by rednammoc
You can follow these steps to compile/debug applications as superuser.
您可以按照以下步骤以超级用户身份编译/调试应用程序。
Rename your java-application
sudo mv /usr/lib/jvm/java-6-openjdk/jre/bin/java /usr/lib/jvm/java-6-openjdk/jre/bin/java.ori
Create following script and store it as /usr/lib/jvm/java-6-openjdk/jre/bin/java
#!/bin/bash # file: /usr/lib/jvm/java-6-openjdk/jre/bin/java # descr: Starter for jdk. Runs jdk as root when # cmd-line-arg "--run-as-root" is specified. # jre="/usr/lib/jvm/java-6-openjdk/jre/bin/java.ori" run_as_root=false args= # Filter command-line argument for arg in "$@" do case "$arg" in --run-as-root) run_as_root=true ;; *) args="$args $arg" ;; esac done # Remove leading whitespaces args=$(echo $args | sed -e 's/^[ \t]*//') if $run_as_root then echo "WARNING: Running as root!" gksu "$jre $args" else $jre $args fiChange the permissions to make it executable
sudo chmod 0755 /usr/lib/jvm/java-6-openjdk/jre/bin/java
Startup eclipse
- Go to Window->Preferences->Java->Installed JREs
- Duplicate java-6-openjdk to java-6-openjdk-root
- Edit JRE and add "--run-as-root" as Default VM Argument
重命名您的 Java 应用程序
须藤 mv /usr/lib/jvm/java-6-openjdk/jre/bin/java /usr/lib/jvm/java-6-openjdk/jre/bin/java.ori
创建以下脚本并将其存储为 /usr/lib/jvm/java-6-openjdk/jre/bin/java
#!/bin/bash # file: /usr/lib/jvm/java-6-openjdk/jre/bin/java # descr: Starter for jdk. Runs jdk as root when # cmd-line-arg "--run-as-root" is specified. # jre="/usr/lib/jvm/java-6-openjdk/jre/bin/java.ori" run_as_root=false args= # Filter command-line argument for arg in "$@" do case "$arg" in --run-as-root) run_as_root=true ;; *) args="$args $arg" ;; esac done # Remove leading whitespaces args=$(echo $args | sed -e 's/^[ \t]*//') if $run_as_root then echo "WARNING: Running as root!" gksu "$jre $args" else $jre $args fi更改权限以使其可执行
须藤 chmod 0755 /usr/lib/jvm/java-6-openjdk/jre/bin/java
启动日食
- 转到窗口-> 首选项-> Java-> 已安装的 JRE
- 将 java-6-openjdk 复制到 java-6-openjdk-root
- 编辑 JRE 并将“--run-as-root”添加为默认 VM 参数
To run projects as root you need to follow these steps:
要以 root 身份运行项目,您需要执行以下步骤:
- Go to Project->Properties->Java Build Path
- Double-Click the JRE System Library and choose in Alternate JRE "java-6-openjdk-root"
- 转到项目-> 属性-> Java 构建路径
- 双击 JRE 系统库并在备用 JRE 中选择“java-6-openjdk-root”
Note: The idea is from http://www.eclipse.org/forums/index.php/mv/msg/87353/724852/#msg_724852
注意:这个想法来自http://www.eclipse.org/forums/index.php/mv/msg/87353/724852/#msg_724852
回答by Michael Z
You can use Remote Java Applicationmechanism for this.
您可以为此使用远程 Java 应用程序机制。
- Create Debug configurationfor Remote Java Applicationsection in Run -> Debug configurations...
- Set your project name
- Choose Connection typeas Standard (Socket Attach)
- Configure Connection propertiesparameters for your binding (for you it will be localhostand 443).
- Set breakpoint in your app (e.g. at the beginning of the mainmethod)
- Run your app from terminal as superuser with following params: -java Xdebug -Xrunjdwp:transport=dt_socket,server=y,address=443 MyApp
- Hit debug button in Eclipse for early created Remote Java Application
- You code should be stopped on breakpoint in Eclipse!
- 创建调试配置的远程Java应用程序中的部分运行- >调试配置...
- 设置你的项目名称
- 选择连接类型为标准(套接字连接)
- 为您的绑定配置连接属性参数(对于您来说,它将是localhost和443)。
- 在您的应用程序中设置断点(例如在main方法的开头)
- 使用以下参数从终端以超级用户身份运行您的应用程序: - java Xdebug -Xrunjdwp:transport=dt_socket,server=y,address=443 MyApp
- 在 Eclipse 中点击调试按钮以获取早期创建的远程 Java 应用程序
- 您的代码应该在 Eclipse 中的断点处停止!
