All geek questions in one place

Access fork and unpack using Java

I am writing a server program in Java that will allow users to submit jobs using DRMAA. Although the main server process works as it is root, all it does is authenticate the user and then run another Java program that works as that user, and actually does the job to comply with the principle of minimizing privileges. Initially, I did this with Runtime.exec()and sudo(example below), which works fine until the process is fixed, and at that moment it is sudofrustrated because it does not have a terminal.

String[] command = {"sudo", "-i", "-u", username, java, theOtherJavaProgram};
Runtime.getRuntime().exec(command, null, getHomeDirectory(username));

What is the best way to make this fork and drop privilege pattern in Java when running as a daemon? Is there any way? Should I break out of C and learn how to create JVMs with JNI?

+3
source share
3 answers

You can use su(1)instead sudo(8). su(1)much less involved and probably the terminal itself will not want it. (Of course, if your PAM configuration requires a terminal input for su(1), then this may not work as well.)

+1
source

Most likely, just use JNI to remove privileges.

Here is the one I shot down earlier:

UID.java

public class UID {

    public static native int setuid(int uid);

    static {
        System.loadLibrary("uid");
    }
}

unix_uid.c

#include <sys/types.h>
#include <unistd.h>
#include <jni.h>
#include "UID.h"

JNIEXPORT jint JNICALL
Java_UID_setuid(JNIEnv * jnienv, jclass j, jint uid)
{
    return((jint)setuid((uid_t)uid));
}

UID.his a machine generated from UID.classusing javah.

+6
source

If you want to start the process is not rootlike root, it suwill be enough. He will not ask for a password when switching from rootanother user, so he does not need a terminal.

0
source

Source: https://habr.com/ru/post/1795185/

More articles:


All Articles