嗨,这是在 Linux 进程中删除权限的正确顺序吗?我希望这段代码在我作为特权用户运行(例如在生产中)或仅作为用户本身使用(例如用于测试)的情况下工作。
Input = username, groupname
lookup userid and groupid; exit if not found
setgid(groupid); exit if failure
e = initgroups(username, groupid, ...)
setuid(userid); exit if failure
capset(...) to zero capabilities; exit if failure
if (e) {
/* E.g. initgroups failed because not enough privileges */
assign result of getgrouplist(username, groupid, ...) to target_groups
assign result of getgroups() to effective_groups
Exit if there is an effective_group which is
(not a target_group and not equal to group_name)
}