简体繁体 English

node.js中的seteuid

[英]seteuid in node.js

原文 2012-03-02 00:32:11 4 2 linux/ node.js

How can I temporarily drop root privileges in Node.js? 如何在Node.js中暂时放弃root特权？

I can see process.setuid in the standard library, but without seteuid , it cannot be temporary. 我可以在标准库中看到process.setuid ，但是没有seteuid ，它不能是临时的。 Trying to get root privileges again fails. 尝试再次获得root权限失败。

2 个解决方案

I don't think changing privileges in a Node.js program really makes sense because you don't know when the different IO requests are going to be handled. 我不认为在Node.js程序中更改权限真的有意义，因为您不知道何时将处理不同的IO请求。 You might change privilege, submit the IO, change back, and at some point in the future the IO will be performed -- presumably under the privileges it runs with at the time. 您可以更改权限，提交IO，更改，并在将来的某个时间点执行IO - 可能是在当时运行的权限下。

I could imagine a mechanism to tie the euid, egid, and supplemental groups to specific IO requests, but it would probably be a drastic complication compared to their current design for not much benefit. 我可以设想一种将euid，egid和补充组与特定IO请求联系起来的机制，但与目前的设计相比，这可能是一个极大的复杂因素并没有太大的好处。

An approach you could take would spawn off new processes with Cluster , change permissions, and then exit the process once you're finished. 您可以采用的方法是使用Cluster生成新进程，更改权限，然后在完成后退出进程。 You could also have it be long-lived and handle requests over an internal queue, but fork(2) is fast , and hopefully the Node.js shims over fork(2) aren't too expensive. 你也可以让它长寿并通过内部队列处理请求，但fork(2) 很快，希望Node.js在fork(2)上的垫片不是太贵。

You can use the node-posix module 's seteuid method. 您可以使用node-posix模块的seteuid方法。 For such a simple task as creating a single file, I can imagine that you use writeFileSync surrounded by calls to seteuid , as your original idea probably was. 对于创建单个文件这样一个简单的任务，我可以想象你使用了seteuid调用所包围的writeFileSync ，正如你最初的想法seteuid那样。