在Ubuntu 12.04下,我编写了下面的C程序,帮助我closures服务器的apache2和samba服务,同时运行自动备份。 请注意,在Makefile中,我设置了SUID位,以便程序在由低级用户tmv运行时具有root权限。
services.c:
#include <stdio.h> #include <stdlib.h> void usage(char * arg0) { printf("Usage: %s start|stop\n", arg0); exit(1); } int main(int argc, char ** argv) { fprintf(stderr, "Running as: "); system("whoami"); if (argc != 2) usage(argv[0]); if (!strcmp(argv[1], "stop")) { printf("Before running rsync, we need to shut down apache2 and smbd.\n"); system("service apache2 stop"); system("service smbd stop"); } else if (!strcmp(argv[1], "start")) { printf("After running rsync, we need to start apache2 and smbd.\n"); system("service apache2 start"); system("service smbd start"); } else { usage(argv[0]); } return 0; }
Makefile文件:
all: services.c gcc -o services services.c chown root:tmv services chmod u+s services # allow elevation to root chmod o-rx services # only user tmv should execute
这是我得到的:
tmv@patience:~$ ./services start Running as: root After running rsync, we need to start apache2 and smbd. * Starting web server apache2 [ OK ] start: Unable to connect to system bus: Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory
以root身份运行正常工作:
# ./services start Running as: root After running rsync, we need to start apache2 and smbd. * Starting web server apache2 [ OK ] smbd start/running, process 8515
任何想法,为什么我的./services不能按预期工作时,作为用户tmv运行? 我是否也需要configuration一些环境variables?
把它写成一个bash脚本,然后授予你的tmv用户权限,使用sudo中的NOPASSWD标志来执行脚本:
sudoers行将是这样的:
tmv ALL = (ALL) NOPASSWD: /path/to/script
此外,确保只有root可以修改该bash脚本。