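On Thu, Nov 24, 2005 at 07:19:23PM +0800, William Xu wrote:
> Ming Hua <[EMAIL PROTECTED]> writes:
>
> > On Thu, Nov 24, 2005 at 10:17:38AM +0800, William Xu wrote:
> >
> >> Also, if running some user programs requires root privileges (for
> >> example, the bind function in C), how can those privileges be
> >> granted to them in a limited way?
> >
> > sudo can restrict a user to running only certain specific programs and
> > accessing only certain specific files (devices, directories) with root
> > privileges.
>
> If those programs and files are themselves owned by root, sudo can indeed
> solve it.
>
> But the problem is that for something like the bind function, which lives
> in the program code, sudo won't work, will it? Or, to be more specific:
> user A wants to write programs on the machine that need to use the bind
> function, but only root can run programs that use bind...
>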
[Sorry for the English reply]

The key question is whether the program is meant to be run by non-root users. If the program should only be run by root, you do not have to do anything special.

If the program is designed to be used by non-root users, you have some choices:

(a) make the program setuid to root; you should be very careful to manage the privilege of the program, which is not an easy task; or

(b) you can write a small setuid-root program to bind the socket, and then drop privileges and invoke the main program as a non-root user.

For development, you can test/debug your program with a non-privileged port number.

Qingning
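
Option (b) from the reply above, sketched as an added example that is not part of the original message: a small launcher, installed setuid-root, that binds the socket, drops root permanently, and only then executes the real server. `PORT`, `TARGET` and the convention that the server receives the listening socket as file descriptor 3 are assumptions of this example.

```c
/* Added example: setuid-root launcher for option (b).
 * PORT, TARGET and the "socket arrives as fd 3" convention are assumptions. */
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define PORT   80                         /* hypothetical privileged port */
#define TARGET "/usr/local/bin/myserver"  /* hypothetical unprivileged server */

/* Create a listening TCP socket on the given port; returns fd or -1. */
int bind_listener(unsigned short port)
{
    struct sockaddr_in a;
    int one = 1, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_ANY);
    a.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&a, sizeof a) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Give up root permanently: gid first, while still root, then uid. When euid
 * is 0, setuid() also resets the saved uid, so root cannot be regained. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgid(gid) < 0) return -1;
    if (setuid(uid) < 0) return -1;
    if (uid != 0 && setuid(0) == 0) return -1;  /* root came back: refuse */
    return 0;
}

int main(void)
{
    int fd = bind_listener(PORT);              /* the only step run as root */
    if (fd < 0) { perror("bind"); return 1; }
    /* A setuid binary keeps the caller's real ids; fall back to them. */
    if (drop_privileges(getuid(), getgid()) < 0) { perror("drop"); return 1; }
    if (fd != 3 && (dup2(fd, 3) < 0 || close(fd) < 0)) return 1;
    execl(TARGET, TARGET, (char *)NULL);       /* server accept()s on fd 3 */
    perror("execl");
    return 1;
}
```

Every return value on the privilege-dropping path is checked, because a silently failed `setuid()` would leave the server running as root.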

