
Python posix IPC - communication between process running as a different user

I am trying to establish communication between two different processes on Linux using POSIX IPC. I am using Python 3 with POSIX message queues based on this library: http://semanchuk.com/philip/posix_ipc/ .

The problem is that I want to communicate between a server that is running as root and a client that is running with normal user permissions (separate Python program).

If the client creates the message queue then it works, presumably because it allocates under a normal user and the process running under root has higher permissions. I however want the server to create the message queue, as that can properly manage the closure of the message queue when the server terminates etc.

Is it possible for a root process to create an IPC message queue and allow processes running under a different user to write to the queue? If so, how?

Or is there any alternative to POSIX IPC that could be used instead (e.g. Sys V)? I'm hoping to avoid using UNIX sockets as I don't want the additional overhead that uses.

-- Update on latest attempt --

I've read up on all the documentation I can find. The library readme says that they found it to work regardless of permissions, but that's not my experience.

The Linux Programming Interface (on which the library relies) states to use both mode and umask, but even if I use os.umask(000) followed by mode=666 within the message queue setup I still get permission denied from the client.

You might want to try Linux domain sockets.

Access to filesystem-based ones can be managed with filesystem permissions. Domain sockets in abstract namespace can be secured by checking credentials (PID/UID) of the connecting process; see also: "SCM_RIGHTS".

Domain sockets are very fast; they are used by Xorg, so kernel developers have optimized them well. They are also more portable than POSIX IPC (supported on Android). Stream-based mode might be a bit awkward to use for message-oriented IPC, so you should consider switching to datagram mode instead.
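
The two access controls described in the answer above (filesystem permissions on the socket file, plus a credential check on the connecting process), as an added Linux-only example that is not part of the original answer. The function names, the demo path and the choice of `SOCK_SEQPACKET` (message boundaries are kept, and each accepted connection has peer credentials to read via `SO_PEERCRED`) are assumptions of this example.

```python
import os
import socket
import struct

UCRED = "iII"  # struct ucred on Linux: pid_t pid, uid_t uid, gid_t gid

def peer_credentials(conn):
    """Return (pid, uid, gid) of the process at the other end of a connected AF_UNIX socket."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize(UCRED))
    return struct.unpack(UCRED, raw)

def make_listener(path, mode=0o600, group_id=None):
    """Bind a message-preserving listener whose socket file ends up with exactly `mode`."""
    if os.path.exists(path):
        os.unlink(path)                      # remove a stale socket from an earlier run
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_SEQPACKET)
    old_umask = os.umask(0o177)              # file is created 0600: no window with wider access
    try:
        srv.bind(path)
    finally:
        os.umask(old_umask)
    if group_id is not None:
        os.chown(path, -1, group_id)         # e.g. a group the unprivileged client belongs to
    os.chmod(path, mode)                     # octal literal (0o660), not decimal 660
    srv.listen(8)
    return srv

def accept_authorized(srv, allowed_uids):
    """Accept one connection; return (conn, pid, uid), or None if the peer UID is not allowed."""
    conn, _ = srv.accept()
    pid, uid, _gid = peer_credentials(conn)  # filled in by the kernel, not by the client
    if uid not in allowed_uids:
        conn.close()
        return None
    return conn, pid, uid

if __name__ == "__main__":
    import tempfile
    path = os.path.join(tempfile.mkdtemp(), "ipc.sock")   # constructed demo path
    srv = make_listener(path, mode=0o660)
    cli = socket.socket(socket.AF_UNIX, socket.SOCK_SEQPACKET)
    cli.connect(path)                        # completes via the listen backlog
    conn, pid, uid = accept_authorized(srv, {os.getuid()})
    cli.send(b"hello")
    print(pid, uid, conn.recv(4096))
```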
