关于CAP_DAC_OVERRIDE的能力

时间:2017-07-05 09:33:00

标签: linux

  #include <stdio.h>
  #include <sys/types.h>
  #include <sys/stat.h>
  #include <fcntl.h>
  #include <sys/capability.h>
  #include <sys/types.h>
  #include <unistd.h>

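  /*
   * Print the calling process's capability state to stdout.
   *
   * The text comes from cap_to_text(), so each clause carries the flag
   * letters (e = effective, i = inheritable, p = permitted). Only the
   * effective set is consulted when the kernel performs a permission check,
   * so that is the flag to look for when debugging an access failure.
   *
   * On failure of either libcap call a diagnostic is written to stderr and
   * nothing is printed to stdout.
   */
  void listCaps1(void)
  {
      cap_t caps = cap_get_proc();
      char *text;

      /* cap_get_proc() returns NULL on failure; do not hand that to cap_to_text(). */
      if (caps == NULL) {
          perror("cap_get_proc");
          return;
      }

      /* The length out-parameter is optional; the result is not needed here. */
      text = cap_to_text(caps, NULL);
      if (text == NULL) {
          perror("cap_to_text");
          cap_free(caps);
          return;
      }

      printf("The process %d was give capabilities %s\n", (int) getpid(), text);
      fflush(NULL);

      /* cap_to_text() allocates its result; it must be released with cap_free(). */
      cap_free(text);
      cap_free(caps);
  }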

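 /*
  * Demo: report the process capabilities, then try to open a fixed path
  * read-only and report the outcome. The process then stays alive so its
  * state can be inspected from another shell.
  *
  * NOTE(review): if open() fails with EACCES while cap_dac_override is shown
  * in the effective set, the refusal presumably comes from a check that
  * CAP_DAC_OVERRIDE does not cover (for example an LSM policy, or a check
  * made by the server of a network filesystem). Nothing in this listing
  * shows which one applies; confirm on the target host.
  */
 int main(void)
 {
     const char *path = "/home/robot/test.txt";
     int fd;

     listCaps1();

     fd = open(path, O_RDONLY);
     if (fd == -1) {
         /* No trailing newline: perror() appends ": <strerror(errno)>\n" itself. */
         perror("can't open");
     } else {
         printf("open sucesss\n");
         close(fd);
     }
     fflush(NULL);

     /* Keep the process around without spinning a CPU core. */
     for (;;) {
         pause();
     }
 }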

我以root身份按如下方式设置文件能力:

[root@MEI-0 ]

setcap CAP_DAC_OVERRIDE+eip cd

然后以非root用户运行,例如:

[_ nokrcpsysccs @ MEI-0]

./cd

日志输出如下:进程27142被授予的capabilities = cap_dac_override+ep;无法打开:权限被拒绝

我的问题是:为什么该进程无法访问目录/home/robot/test.txt?

0 个答案:

没有答案