如何 运行 一个 exec() 函数作为 root 和非交互?
How to run an exec() function as root and non-interactive?
我正在寻找 fork() 并以 root 权限执行。一旦调用 exec 函数,特权似乎不会从主线程传递。
现在我已经看到 post here 描述了如何以 root 身份 运行 一个进程,但是当我尝试他们的解决方案时..
char sudo[]="/usr/bin/sudo";
char pbin[]="/usr/local/bin/puppet";
execl(sudo,sudo,pbin,(char *)NULL);
sudo 命令提示输入守护进程的密码。我正在寻找以 root 身份 运行 进程的非交互式方式。除了删除 Daemon 的密码之外,还有其他办法吗?
为了测试你的问题的前提,
"It seems that privileges are not passed from the main thread once an exec function is called."
我写了下面的测试代码,
#include <unistd.h>
#include <stdio.h>
#include <errno.h>
int main() {
// printf("starting");
char sudo[]="/usr/bin/sudo";
char pbin[]="mkdir";
// printf("running test: %s %s",sudo,pbin);
errno=0;
if (fork() == 0) {
int res = execl(sudo,sudo,pbin,"/bin/child",(char *)NULL);
// printf("res:%d", res);
}
else {
sleep(2);
int res = execl(sudo,sudo,pbin,"/bin/parent",(char *)NULL);
// printf("res:%d", res);
}
}
令我惊讶的是,它没有问题,输出如下:
$ sudo rm /bin/parent -rf ; sudo rm -rf /bin/child/
$ ls /bin/child/ -la
ls: cannot access '/bin/child/': No such file or directory
$ ls /bin/parent/ -la
ls: cannot access '/bin/parent/': No such file or directory
$ gcc main.c
$ sudo ./a.out
$ ls /bin/parent -la
total 8 drwxr-xr-x 2 root root 4096 Mar 6 11:42 .
drwxr-xr-x 4 root root 4096 Mar 6 11:42 ..
$ ls /bin/child -la
total 8 drwxr-xr-x 2 root root 4096 Mar 6 11:42 .
drwxr-xr-x 4 root root 4096 Mar 6 11:42 ..
如您所见,父进程和具有root权限的子进程都创建了一个目录。
这让我想到您的问题实际上是另外一回事,正如您所说:
"The sudo command prompts for daemon's password. I am looking for non-interactive way to run the process as root. Is there anyway to do this short of removing Daemon's password?"
你真正想要的是无密码sudo,可以通过运行
获得
sudo visudo
然后添加行:
ALL ALL=(ALL) NOPASSWD: ALL
使您的 sudoers 文件看起来像这样。
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
ALL ALL=(ALL) NOPASSWD: ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
我正在寻找 fork() 并以 root 权限执行。一旦调用 exec 函数,特权似乎不会从主线程传递。
现在我已经看到 post here 描述了如何以 root 身份 运行 一个进程,但是当我尝试他们的解决方案时..
char sudo[]="/usr/bin/sudo";
char pbin[]="/usr/local/bin/puppet";
execl(sudo,sudo,pbin,(char *)NULL);
sudo 命令提示输入守护进程的密码。我正在寻找以 root 身份 运行 进程的非交互式方式。除了删除 Daemon 的密码之外,还有其他办法吗?
为了测试你的问题的前提,
"It seems that privileges are not passed from the main thread once an exec function is called."
我写了下面的测试代码,
#include <unistd.h>
#include <stdio.h>
#include <errno.h>
int main() {
// printf("starting");
char sudo[]="/usr/bin/sudo";
char pbin[]="mkdir";
// printf("running test: %s %s",sudo,pbin);
errno=0;
if (fork() == 0) {
int res = execl(sudo,sudo,pbin,"/bin/child",(char *)NULL);
// printf("res:%d", res);
}
else {
sleep(2);
int res = execl(sudo,sudo,pbin,"/bin/parent",(char *)NULL);
// printf("res:%d", res);
}
}
令我惊讶的是,它没有问题,输出如下:
$ sudo rm /bin/parent -rf ; sudo rm -rf /bin/child/
$ ls /bin/child/ -la
ls: cannot access '/bin/child/': No such file or directory
$ ls /bin/parent/ -la
ls: cannot access '/bin/parent/': No such file or directory
$ gcc main.c
$ sudo ./a.out
$ ls /bin/parent -la
total 8 drwxr-xr-x 2 root root 4096 Mar 6 11:42 .
drwxr-xr-x 4 root root 4096 Mar 6 11:42 ..
$ ls /bin/child -la
total 8 drwxr-xr-x 2 root root 4096 Mar 6 11:42 .
drwxr-xr-x 4 root root 4096 Mar 6 11:42 ..
如您所见,父进程和具有root权限的子进程都创建了一个目录。
这让我想到您的问题实际上是另外一回事,正如您所说:
"The sudo command prompts for daemon's password. I am looking for non-interactive way to run the process as root. Is there anyway to do this short of removing Daemon's password?"
你真正想要的是无密码sudo,可以通过运行
获得sudo visudo
然后添加行:
ALL ALL=(ALL) NOPASSWD: ALL
使您的 sudoers 文件看起来像这样。
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
ALL ALL=(ALL) NOPASSWD: ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d