In a Java thread running as an administrator, how can we apply Unix privileges to login?

Question

In a Java thread running as an administrator, how can we apply Unix privileges to login?

We have a Java program that runs as root on Unix, so it can read, for example, the contents of folders /home/user1and /home/user2. However, if the Unix user "user1" is registered in our application, he should not have access to the data "/ home / user2". We would like to directly use Unix rights and not recreate all permissions in our application! So can we ...

try to change the UID of our program depending on the user registered in? It sounds complicated, and each file is accessed in different streams, so the UID will be different on each thread of our program ...
use JNI to read permissions " /home/user2" ... And then determine if user1 has sufficient permissions to " /home/user2"? (as?).

+3

java unix permissions

Mikael mechoulam Nov 05 '08 at 9:32

source share

7 answers

, , C, UID, ( , , - setuid), java, RMI. java .

Linux setfsuid()/setfsgid(), .

+2

CesarB 05 . '08 10:09

, 1, , user1.

0

hansi 05 . '08 9:54

, shellscript java .

0

TheMarko 05 . '08 10:00

, , , -, , , setuid JNI . setuid , , .

setuid Java-, http://www2.sys-con.com/itsg/virtualcd/Java/archives/0510/Silverman/index.html.

0

Alnitak 05 . '08 10:09

: , root , , - , , , root, , root. .

, , , , root.

0

CesarB 05 . '08 12:37

, Mikael, , .

100%. 4 :

Linux, . Java- . Java "" , .
, "". 1 "" ( ) 100 (, ). 10 000 , 100 , .
JVM . script, stdin/stdio/stderr . XMPP IO Data (, , ", " aka, JVM ).
Super-Server. "" , .
- (.. ) -, ( ), .
, ( "", ), Java EE EJB Container . , 10 000 () 10 000 , . , .
, # 3, , Upstart ( ). "" , Upstart. Upstart , , , , , mysqld, Apache ..

# 1. , №4, , . ( inetd/xinetd EJB, , )

0

Hendy Irawan 16 . '11 16:08

Vladimir Dyuzhev · Accepted Answer · 2008-11-05T12:14:32+0000

Use SecurityManager!

Paste the current unix user id into ThreadLocal
Create your own SecurityManager that checks unix user rights on checkRead () and checkWrite ()
System.setSecurityManager (new MySecurityManager ())
Enjoy

Update

Of course, there is no standard library for reading unix file permissions. This is not WORA.

: http://jan.newmarch.name/java/posix/ JNI, JNI, .:) , .

Stat : http://jan.newmarch.name/java/posix/posix.Stat.html

2

, "" unix, ACL Posix Capabilities ( , , ). , SecurityManager, JVM! , SUID-, ( , , ), , SecurityManager!

In a Java thread running as an administrator, how can we apply Unix privileges to login?

More articles: