Running part of a Java program as root

All,

I want to run part of my Java program as root. Only one specific function should run as root. The other parts of the program must run with the rights of the user who launched it. I want to run only the code below as root, and the rest as it is. This is because I see different behavior for this code when it runs with root privileges.

    try {
        addr = Inet6Address.getByName(host);
        isReachable = addr.isReachable(20 * 1000);
    } catch (UnknownHostException e) {
        // the host name could not be resolved
    }

Thank you in advance

+4
3 answers

There is no portable way for a Java program to change the effective user ID, i.e. to switch from running with root privileges to running as another user. (And even in C, an application cannot switch back and forth between privileged and non-privileged operation. Switching privileges is a one-way street.)

Reading the javadoc for InetAddress.isReachable, it uses different mechanisms depending on the privileges of the JVM process. However, neither of the two approaches used by isReachable will work; e.g.

  • some firewalls may selectively block ICMP ECHO messages,
  • the Echo service on port 7 may not work on the target computer, or port 7 may be blocked by a firewall.

So, I would sidestep the problem entirely. Just try to do what you are really trying to do and forget about using isReachable. Or, if it is under your control, fix the machines / networks so that both mechanisms work on the machines you need to check.


@Geek - you say that you cannot test certain ports because they can be blocked. Well, anything can be blocked, including ICMP PING, ICMP ECHO and everything else that you could use to check host availability.

There is only one thing that really matters: can you talk to the service that you are going to use. And there is only one way to find out: try using it.

Or to put it another way, testing whether the host is available does not make sense. It is not hosts that are available or unavailable: specific services are.

+4

Separation of privileges is not possible in Java, because it works in very different ways in different operating systems.

A possible way to solve the problem is to try a TCP connection. You can catch an IOException that will contain additional information. This is very platform dependent, so be smart in interpreting it.

+1
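One way to carry out the TCP check suggested in the answers above, without any root privileges. This is an added example, not code from the original thread; the class name `ServiceProbe`, the `Result` enum and the default port 22 are assumptions chosen for illustration, and the mapping from exception type to cause is typical rather than guaranteed on every platform.

```java
import java.io.IOException;
import java.net.ConnectException;
import java.net.InetSocketAddress;
import java.net.NoRouteToHostException;
import java.net.Socket;
import java.net.SocketTimeoutException;
import java.net.UnknownHostException;

public class ServiceProbe {
    // Hypothetical result categories for this example.
    enum Result { OPEN, REFUSED, TIMEOUT, NO_ROUTE, UNKNOWN_HOST, OTHER_ERROR }

    /** Attempts a plain TCP connect to the service the program actually needs. */
    static Result probe(String host, int port, int timeoutMillis) {
        // The constructor tries to resolve the name; isUnresolved() reports failure.
        InetSocketAddress target = new InetSocketAddress(host, port);
        if (target.isUnresolved()) {
            return Result.UNKNOWN_HOST;
        }
        try (Socket socket = new Socket()) {
            socket.connect(target, timeoutMillis);
            return Result.OPEN;          // TCP handshake completed
        } catch (SocketTimeoutException e) {
            return Result.TIMEOUT;       // no reply in time: host down or packets dropped
        } catch (ConnectException e) {
            return Result.REFUSED;       // usually: host answered, nothing listening
        } catch (NoRouteToHostException e) {
            return Result.NO_ROUTE;      // usually: routing failure or a rejecting firewall
        } catch (UnknownHostException e) {
            return Result.UNKNOWN_HOST;
        } catch (IOException e) {
            return Result.OTHER_ERROR;   // anything else; inspect e.getMessage() when debugging
        }
    }

    public static void main(String[] args) {
        String host = args.length > 0 ? args[0] : "localhost";
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 22;
        // Same 20 second timeout as the isReachable call in the question.
        System.out.println(host + ":" + port + " -> " + probe(host, port, 20 * 1000));
    }
}
```

Because the probe runs with the rights of the launching user, no part of the JVM has to be started as root or granted a sudoers entry.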

To run parts of the program with other privileges, you need JNI and system-specific calls. It would be easier to just call an external program using ProcessBuilder or Runtime.exec:

    Process p = Runtime.getRuntime().exec(new String[]{"sudo", "ping", "-c", "5", "host"});
    int result = p.waitFor();
    if (result == 0) {
        // reachable
    } else {
        // unreachable, or some error
    }

To do this, you will need a suitable entry in the sudoers configuration file (and for other systems and/or other versions of ping, there may be other parameters).

But, as others have said, reachability by ping is not equivalent to the service you want to use being reachable.

0

Source: https://habr.com/ru/post/1343303/
