个人中心
gpt4 book ai didi

c++ - 如何从C++将根euid传递给shell脚本

转载 作者:行者123 更新时间:2023-12-02 10:32:46 25 4
gpt4 key购买 nike

我有一个在嵌入式Linux系统上运行的C++程序。

该程序由用户“myuser”启动,并使用“uid”来管理权限。

ls -l /bin/myprog
-rwsr-sr-x    1 root     root        757328 May  7 12:55 myprog

我写了一个小类来处理id。它会在程序启动时读取所有id,并在运行时根据需要的特权提升更改euid和egid。 
/*************************************************************
 *   HEADER FILE
 *************************************************************/

#ifndef _PRIVILEGE_H
#define _PRIVILEGE_H

#include <unistd.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>


class CPrivilege
{
    private:

        uid_t _ruid; 
        uid_t _euid; 
        uid_t _suid; 
        gid_t _rgid; 
        gid_t _egid; 
        gid_t _sgid;

        int _status;

        int getPrivilege(uid_t&,uid_t&,uid_t&,gid_t&,gid_t&,gid_t&);

    public :

        CPrivilege();

        int elevate();
        int down();
        int print();
        int status();
};

#endif



/*************************************************************
 *   CPP FILE
 *************************************************************/
#include "_privilege.h"

CPrivilege::CPrivilege()
{
    _status = getPrivilege(_ruid,_euid,_suid,_rgid,_egid,_sgid);
}

int CPrivilege::status()
{
    return _status;
}

int CPrivilege::getPrivilege(uid_t& ruid, uid_t& euid, uid_t& suid, gid_t& rgid, gid_t& egid, gid_t& sgid)
{
    if (getresuid(&ruid, &euid, &suid) == -1) {
        printf("getresuid error\n");
        return EXIT_FAILURE;
    }
    if (getresgid(&rgid, &egid, &sgid) == -1) {
        printf("getresgid error\n");
        return EXIT_FAILURE;
    }
    return EXIT_SUCCESS;
}

int CPrivilege::elevate()
{
    /* Switch to target user. effective uid gets the saved uid. */
    if (seteuid((uid_t)_suid) == -1) {
        printf("seteuid error\n");
        return (_status = EXIT_FAILURE);
    }

    /* Switch to target group. effective gid gets the saved gid. */
    if (setegid((gid_t)_sgid) == -1) {
        printf("setegid error\n");
        return (_status = EXIT_FAILURE);
    }

    return (_status = EXIT_SUCCESS);
}

int CPrivilege::down()
{
    /* Switch to target user. effective uid gets the real uid. */
    if (seteuid((uid_t)_ruid) == -1) {
        printf("seteuid error\n");
        return (_status = EXIT_FAILURE);
    }

    /* Switch to target group. effective gid gets the real gid. */
    if (setegid((gid_t)_rgid) == -1) {
        printf("setegid error\n");
        return (_status = EXIT_FAILURE);
    }

    return (_status = EXIT_SUCCESS);
}

int CPrivilege::print()
{
    uid_t ruid; 
    uid_t euid; 
    uid_t suid; 
    gid_t rgid; 
    gid_t egid; 
    gid_t sgid;

    printf("status = %d\n", _status);  

    getPrivilege(ruid,euid,suid,rgid,egid,sgid);    
    printf("ruid = %d, euid = %d, suid = %d\n", ruid, euid, suid);  
    printf("rgid = %d, egid = %d, sgid = %d\n", rgid, egid, sgid);  
}

另外,这是一个主程序,该程序打开一个shell脚本然后运行。 
/*************************************************************
 *   MAIN FILE
 *************************************************************/
#include "_privilege.h"

#include <string>

int main(int argc, char *argv[])
{
    CPrivilege priv;

    priv.down();   
    priv.print();

    // [...) Program stuff with user privilege

    std::string system_cmd; 
    int ret;

    system_cmd = "/root/test_script";

    priv.elevate();      
    priv.print();  

    FILE *pf;
    pf = fopen(system_cmd.c_str(),"r");
    if (pf != NULL)
    {
        printf("Root privilege\n\n");
        fclose(pf);
    }
    else
        printf("User privilege\n\n");

    system(system_cmd.c_str());   

    priv.down();   
    priv.print(); 

    // [...) Other Program stuff with user privilege

    return 0;
}

/*************************************************************
 *   SHELL FILE
 *************************************************************/
#!/bin/sh
echo 'HELLO WORLD !'

当我以“root”身份启动程序时,脚本将启动,输出如下: 
status = 0
ruid = 0, euid = 0, suid = 0
rgid = 0, egid = 0, sgid = 0
status = 0
ruid = 0, euid = 0, suid = 0
rgid = 0, egid = 0, sgid = 0
Root privilege

HELLO WORLD !
status = 0
ruid = 0, euid = 0, suid = 0
rgid = 0, egid = 0, sgid = 0

使用myuser启动程序时,即使它位于文件夹“/ root”中,我也可以打开脚本文件。但是我无法启动脚本,并且得到“拒绝权限”的答案: 
status = 0
ruid = 1009, euid = 1009, suid = 0
rgid = 1013, egid = 1013, sgid = 0
status = 0
ruid = 1009, euid = 0, suid = 0
rgid = 1013, egid = 0, sgid = 0
Root privilege

sh: /root/test_script: Permission denied
status = 0
ruid = 1009, euid = 1009, suid = 0
rgid = 1013, egid = 1013, sgid = 0

我应该怎么做才能以root权限调用脚本?

最佳答案

从Bash手册中:

If the shell is started with the effective user (group) id not equal to the real user (group) id, and the -p option is not supplied, [...] and the effective user id is set to the real user id. If the -p option is supplied at invocation, the startup behavior is the same, but the effective user id is not reset.



请参阅 implementation(抱歉,非官方链接)。

我认为您将需要更改uid和有效uid,或将命令更改为 bash -p /root/test_script

关于c++ - 如何从C++将根euid传递给shell脚本,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/61660356/

25 4 0
文章推荐: c++ - 如何使用websocket websocketpp发送和接收消息?
文章推荐: Mesosphere安装PermissionError :/genconf/config. yaml
文章推荐: Angular Google map 缩放仅工作一次,然后您无法更改缩放值
文章推荐: c++ - Spirit QI解析器结束EOM
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com