在 Ubuntu 12.04 下,我编写了以下 C 程序来帮助我在运行自动备份时关闭服务器的 apache2 和 samba 服务。请注意,在 Makefile 中我设置了 SUID 位,这样程序在由低级用户运行时将具有 root 权限tmv。
服务.c:
#include <stdio.h>
#include <stdlib.h>
void usage(char * arg0) {
printf("Usage: %s start|stop\n", arg0);
exit(1);
}
int main(int argc, char ** argv) {
fprintf(stderr, "Running as: ");
system("whoami");
if (argc != 2) usage(argv[0]);
if (!strcmp(argv[1], "stop")) {
printf("Before running rsync, we need to shut down apache2 and smbd.\n");
system("service apache2 stop");
system("service smbd stop");
} else if (!strcmp(argv[1], "start")) {
printf("After running rsync, we need to start apache2 and smbd.\n");
system("service apache2 start");
system("service smbd start");
} else {
usage(argv[0]);
}
return 0;
}
生成文件:
all: services.c
gcc -o services services.c
chown root:tmv services
chmod u+s services # allow elevation to root
chmod o-rx services # only user tmv should execute
这是我得到的:
tmv@patience:~$ ./services start
Running as: root
After running rsync, we need to start apache2 and smbd.
* Starting web server apache2 [ OK ]
start: Unable to connect to system bus: Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory
以 root 身份运行工作正常:
# ./services start
Running as: root
After running rsync, we need to start apache2 and smbd.
* Starting web server apache2 [ OK ]
smbd start/running, process 8515
任何想法为什么我./services在以用户身份运行时无法按预期工作tmv?是不是也需要配置一些环境变量?
只需将其编写为 bash 脚本,然后使用 sudo 中的 NOPASSWD 标志授予您的 tmv 用户执行脚本的权限:
sudoers 行类似于:
此外,确保只有 root 可以修改该 bash 脚本。