how to: non-root qml frontend and root-privileged worker threads
Question
I have an application which has a C++/Qt-backend and a QML-based frontend. Besides a data model the backend contains some worker threads (QThread). The worker threads have to be high privileged to do their job (ie file operations). Until now I start the application with sudo to get high privilege to the workers. Due to the sudo execution the whole application runs as root - so also the QML frontend which is really bad. So my question is what is the best way to get high privileged worker threads in an application with a QML based frontend of low privilege (user rights).
Thanks for your help in advance.
1 answers
solution1
1 2018-02-18 16:47:06
Generally, you can't run threads with a different user than the rest of the application. The simple reason is that all threads share a memory space and writing into the privileged thread's memory you could easily make it do whatever you want.
Now, how to get around that? The first thing to explore is to simply set up resource permissions so that you don't need root. For example, create a group and use plain Unix permissions ( chown , chmod ) or ACLs ( setfacl ) to give permissions to the group. Then, make sure that the application runs as a user that is part of the group.
If that is not possible, you can still start the backend with sudo , open (!) all required resources and then drop the privileges. Since they are already open, you retain access to them. If you need to reopen them regularly, at least you could start the frontend with reduced privileges.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.