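Hi, is this the correct order for dropping privileges in a Linux process? I want this code to work both when I run it as a privileged user (e.g. in production) and when I run it simply as the user itself (e.g. for testing).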
Input = username, groupname
lookup userid and groupid; exit if not found
setgid(groupid); exit if failure
e = initgroups(username, groupid, ...)
setuid(userid); exit if failure
capset(...) to zero capabilities; exit if failure
if (e) {
    /* E.g. initgroups failed because not enough privileges */
    assign result of getgrouplist(username, groupid, ...) to target_groups
    assign result of getgroups() to effective_groups
    Exit if there is an effective_group which is
        (not a target_group and not equal to group_name)
}
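
The sequence in the question written out in C, as an added example that is not part of the original post. The names drop_privileges, groups_within_target and MAX_GROUPS are hypothetical; it covers the uid/gid and supplementary-group steps (the capset step is not shown) and adds a final check that the drop cannot be undone.

```c
#define _DEFAULT_SOURCE 1   /* initgroups, getgrouplist */
#include <grp.h>
#include <pwd.h>
#include <unistd.h>
#define MAX_GROUPS 256      /* assumed bound; larger lists fail closed */

/* Returns 1 if every effective group is the primary group or a target group. */
int groups_within_target(const gid_t *eff, int n_eff,
                         const gid_t *tgt, int n_tgt, gid_t primary)
{
    for (int i = 0; i < n_eff; i++) {
        int ok = (eff[i] == primary);
        for (int j = 0; j < n_tgt && !ok; j++)
            ok = (eff[i] == tgt[j]);
        if (!ok)
            return 0;
    }
    return 1;
}

/* Returns 0 on success, -1 if the caller must exit. */
int drop_privileges(const char *user, const char *group)
{
    struct passwd *pw = getpwnam(user);
    struct group *gr = getgrnam(group);
    if (pw == NULL || gr == NULL)
        return -1;
    uid_t uid = pw->pw_uid;   /* copy: later lookups may reuse static buffers */
    gid_t gid = gr->gr_gid;
    if (setgid(gid) != 0)
        return -1;
    int e = initgroups(user, gid);   /* fails with EPERM when unprivileged */
    if (setuid(uid) != 0)
        return -1;
    if (e != 0) {   /* list could not be set, so verify the inherited one */
        gid_t tgt[MAX_GROUPS], eff[MAX_GROUPS];
        int n_tgt = MAX_GROUPS;
        if (getgrouplist(user, gid, tgt, &n_tgt) < 0)
            return -1;
        int n_eff = getgroups(MAX_GROUPS, eff);
        if (n_eff < 0 || !groups_within_target(eff, n_eff, tgt, n_tgt, gid))
            return -1;
    }
    /* For a non-root target, regaining uid 0 or gid 0 must now fail. */
    if (uid != 0 && (setuid(0) == 0 || (gid != 0 && setgid(0) == 0)))
        return -1;
    return (getuid() == uid && geteuid() == uid &&
            getgid() == gid && getegid() == gid) ? 0 : -1;
}
```

Both group changes happen before setuid(), because once the uid is dropped the process no longer has the privilege to change its groups.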