一、切换权限使用到的函数
用于切换进程权限的主要函数如下:
#include <sys/types.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>
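/*
 * Reentrant lookup of a passwd entry by login name. The entry is written to
 * *pwd, its strings are stored in buffer, and *result is set to pwd on a
 * match or to NULL when no entry exists. Returns 0 on success or "not found",
 * otherwise an error number.
 */
int getpwnam_r(const char *name, struct passwd *pwd, char *buffer, size_t bufsize, struct passwd **result);
/* Sets the group ID of the calling process. Call it before setuid(). */
int setgid(gid_t gid);
/*
 * Replaces the supplementary group list with the groups of `user` plus
 * `group` (declared in <grp.h>). Without this call a process started by root
 * keeps root's supplementary groups after setgid()/setuid().
 */
int initgroups(const char *user, gid_t group);
/* Sets the user ID of the calling process. Call it last. */
int setuid(uid_t uid);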
二、进程权限切换步骤
2.1)通过函数 getpwnam_r() 获取用户名对应的 uid 和 gid
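/* Account whose identity the process will assume. */
const char *username = "nginx";
/*
 * sysconf() only suggests an initial buffer size. A return of -1 means the
 * system reports no fixed limit, not that the lookup is impossible, so use a
 * generous default instead of aborting.
 */
long buflen = sysconf(_SC_GETPW_R_SIZE_MAX);
if (buflen == -1) {
    buflen = 16384;
}
// requires c99
char buf[buflen];
struct passwd pwbuf, *pwbufp = NULL;
/*
 * getpwnam_r() returns a non-zero error number when the lookup itself fails
 * (ERANGE means buf was too small) and returns 0 with pwbufp == NULL when the
 * account does not exist. Report the two cases separately so a missing
 * account is not confused with a broken name service.
 */
int rc = getpwnam_r(username, &pwbuf, buf, (size_t)buflen, &pwbufp);
if (rc != 0) {
    fprintf(stderr, "lookup failed for username : %s (error %d)\n", username, rc);
    return 1;
}
if (!pwbufp) {
    fprintf(stderr, "can not get uid for username : %s\n", username);
    return 1;
}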
2.2)通过函数 setuid() 和 setgid() 设置当前进程的 uid 和 gid
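/*
 * Drop privileges in a fixed order: primary gid, supplementary groups, then
 * uid. The uid must go last because an unprivileged process can no longer
 * change its groups. `username` and `pwbuf` come from the lookup in step 2.1.
 */
if (setgid(pwbuf.pw_gid) != 0) {
    fprintf(stderr, "setgid failed\n");
    return 1;
}
/*
 * setgid() changes only the primary group. Reset the supplementary group
 * list too, otherwise the process keeps the groups it inherited from root.
 */
if (initgroups(username, pwbuf.pw_gid) != 0) {
    fprintf(stderr, "initgroups failed\n");
    return 1;
}
if (setuid(pwbuf.pw_uid) != 0) {
    fprintf(stderr, "setuid failed\n");
    return 1;
}
/*
 * Confirm the drop is permanent: once running as a non-root user, a request
 * to become root again must be refused.
 */
if (pwbuf.pw_uid != 0 && setuid(0) == 0) {
    fprintf(stderr, "privileges were not dropped permanently\n");
    return 1;
}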
参考:https://github.com/nginx/nginx/blob/master/src/os/unix/ngx_process_cycle.c#L799