假設腳本在啟動時以 root 身分執行。我想從這個腳本開始tcpsvd -E 0 515 lpd。我想tcpsvd以非特權用戶身份運行。但它需要 root 權限才能綁定到連接埠 515。
另外我必須使用busybox tcpsvd:
tcpsvd
tcpsvd [-hEv] [-c N] [-C N[:MSG]] [-b N] [-u USER] [-l NAME] IP PORT PROG
Create TCP socket, bind to IP:PORT and listen for incoming connection.
Run PROG for each connection.
IP IP to listen on. '0' = all
PORT Port to listen on
PROG [ARGS] Program to run
-l NAME Local hostname (else looks up local hostname in DNS)
-u USER[:GRP] Change to user/group after bind
-c N Handle up to N connections simultaneously
-b N Allow a backlog of approximately N TCP SYNs
-C N[:MSG] Allow only up to N connections from the same IP
New connections from this IP address are closed
immediately. MSG is written to the peer before close
-h Look up peer's hostname
-E Do not set up environment variables
-v Verbose
答案1
您需要在以 root 身份運行時將程式綁定到端口,然後切換到非特權用戶。 tcpsvd提供-u執行此操作的選項:
-u user[:group]
drop permissions. Switch user ID to user’s UID, and group ID to
user’s primary GID after creating and binding to the socket. If
user is followed by a colon and a group name, the group ID is
switched to the GID of group instead. All supplementary groups
are removed.