使用 Java 检查 Linux 用户的组成员身份
[英]Check group membership for a Linux user using Java
问题描述
Hi I can't figure out how to verify if a user belong to one o more group under Linux os using java 7 nio library.
嗨,我不知道如何使用 java 7 nio 库验证用户是否属于 Linux 操作系统下的一个或多个组。
Can anyone help me about this issue?任何人都可以帮助我解决这个问题吗?
2 个解决方案
解决方案1
2 已采纳 2014-04-03 18:34:49
You can try to read the file /etc/group .您可以尝试读取文件/etc/group 。
I have developed a class to easily query this file:我开发了一个类来轻松查询此文件:
public class UserInfo {
public UserInfo() throws FileNotFoundException, IOException {
this.group2users = new HashMap<>();
FileReader fileReader = new FileReader(groupsFilePath);
BufferedReader groupsReader = new BufferedReader(fileReader);
while(groupsReader.ready())
{
try
{
String line = groupsReader.readLine();
String [] tokens = line.split(":");
String groupName = tokens[0];
Set<String> users = group2users.get(groupName);
if(users == null)
{
users = new HashSet<String>();
group2users.put(groupName, users);
}
if(tokens.length>3)
{
for(String uStr: tokens[3].split(","))
users.add(uStr);
}
} catch (Exception e) { continue; }
}
groupsReader.close();
fileReader.close();
}
public boolean belongs2group(String user, String group)
{
Set<String> groupRef = group2users.get(group);
if(groupRef == null) return false;
return groupRef.contains(user);
}
private String groupsFilePath = "/etc/group";
private Map<String, Set<String>> group2users;
}
This code maps the /etc/group file and keep a map of groups-their users set.此代码映射/etc/group文件并保留/etc/group的映射 - 他们的用户集。 I have developed just one query method ( belongs2group ) but it is fairly easy to add methods to list all groups and/or all users.我只开发了一种查询方法( belongs2group ),但是添加方法来列出所有组和/或所有用户是相当容易的。
This code is written using the old-fashioned-mainstream java io-api but I think it can be easily adapted to nio.这段代码是使用老式主流 java io-api 编写的,但我认为它可以很容易地适应 nio。 Let me know if you need me to complete that step.如果您需要我完成该步骤,请告诉我。
解决方案2
1 2019-12-27 11:35:06
I do not think that reading local /etc/passwd or /etc/group could be good idea, because nis/ldap/ipa/pam can introduce other sources of infromation about group membership.我不认为阅读本地/etc/passwd或/etc/group可能是个好主意,因为 nis/ldap/ipa/pam 可以引入有关组成员身份的其他信息来源。 So, it depends on you environment and some other details.因此,这取决于您的环境和其他一些细节。 Eg:例如:
Groups for logged in (current) user登录(当前)用户的组
com.sun.security.auth.module.UnixSystem().getGroups()
Hadoop Hadoop
org.apache.hadoop.security.UserGroupInformation.getBestUGI(null,"root").getGroupNames()
If neither is you case如果你都不是
You can create jna wrapper for getgroups(2) .您可以为getgroups(2)创建 jna 包装器。
Or improve UnixSystem and Java_com_sun_security_auth_module_UnixSystem_getUnixInfo from jdk to take user id/name parameter.或者从 jdk改进UnixSystem和Java_com_sun_security_auth_module_UnixSystem_getUnixInfo以获取用户 id/name 参数。
Or rewrite some implementation of org.apache.hadoop.security.GroupMappingServiceProvider interface to not depend on hadoop environment.或者重写一些org.apache.hadoop.security.GroupMappingServiceProvider接口的实现来不依赖于 hadoop 环境。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.