如何在 Linux 中以 root 权限运行脚本
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/6119254/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to run a script with root authority in Linux
提问by kevin
I have to develop a Web site written in CGI.
我必须开发一个用 CGI 编写的网站。
I would like to know how to run a script with root authority from CGI.
我想知道如何从 CGI 运行具有 root 权限的脚本。
Let's say the script name is hello, I run it from CGI like system("pathToTheFile/hello").
假设脚本名称是hello,我像system("pathToTheFile/hello")一样从 CGI 运行它。
Now I would like to run this hello file as root; can anybody help me with this?
现在我想以 root 身份运行这个 hello 文件;有人可以帮我吗?
回答by paxdiablo
The normal method would be to have the executable file owned by the user you want to run it as, then set the SUIDbit.
通常的方法是让您想要运行它的用户拥有可执行文件,然后设置SUID位。
The method of using sudousually requires user input for the password (there are ways around this but they're hideously complex).
使用方法sudo通常需要用户输入密码(有一些方法可以解决这个问题,但它们非常复杂)。
I suppose I don't need to mention that setting the SUID bit is a very dangerous thing to do, yes? If there's anyother way to do what you want, you should use it.
我想我不需要提到设置 SUID 位是一件非常危险的事情,是吗?如果有任何其他方法可以做你想做的事,你应该使用它。
One thing you may want to consider is to pose the question not in terms of the solution you need but in terms of the problem you want solved. Running as root is a solutionand not necessarily a good one. Post whatyou're trying to achieve rather than how,and we can help you out in a far less dangerous way.
您可能需要考虑的一件事是,不是根据您需要的解决方案,而是根据您想要解决的问题来提出问题。以 root 身份运行是一种解决方案,但不一定是好的。邮政什么你想要实现,而不是如何,我们可以帮助你在很远的不那么危险的方式。
回答by Ernest Friedman-Hill
Generally the safest way to do this kind of thing is to use the setuidfeature of UNIX-like OSs. If you set the owner of the helloprogram to be root, and then set the setuid bit:
一般来说,做这种事情最安全的方法是使用类 UNIX 操作系统的setuid特性。如果将hello程序的所有者设置为root,然后设置 setuid 位:
chmod u+s hello
Then no matter whoexecutes the program, it will execute as root. This works for native executables, but not for interpreted scripts. If "hello" has to be a script, then this won't work for you.
那么无论谁执行该程序,它都会以root身份执行。这适用于本机可执行文件,但不适用于解释脚本。如果“hello”必须是脚本,那么这对您不起作用。
Now, I have to say that in general, setuid root programs aren't a great idea. Often you can create a special user to own the script, and give that user some limited privileges needed, and then make the script setuid to that user.
现在,我不得不说一般来说,setuid root 程序并不是一个好主意。通常,您可以创建一个特殊用户来拥有该脚本,并赋予该用户一些所需的有限权限,然后将该脚本设置为该用户的 setuid。
回答by Zan Lynx
A much safer method of doing things as root from a web page is to disconnect the program execution from the web page. Instead, use Unix local sockets, named pipes, or a directory of queued jobs.
从网页以 root 身份执行操作的一种更安全的方法是断开程序执行与网页的连接。相反,使用 Unix 本地套接字、命名管道或排队作业的目录。
The directory is probably the easiest to handle. Set up a directory that your web page can write files into. When your page needs something done, write a file describing the job. Then you have a program running as root waiting for new jobs. It can run continuously if it needs fast response or it can run every minute or every few minutes using a crontab entry.
该目录可能是最容易处理的。设置一个目录,您的网页可以将文件写入其中。当您的页面需要完成某项工作时,请编写一个描述该作业的文件。然后你有一个以 root 身份运行的程序,等待新的工作。如果需要快速响应,它可以连续运行,也可以使用 crontab 条目每分钟或每几分钟运行一次。
