Set the effective user ID of the Java process.
Dmitrii Kashin
freehck at freehck.ru
Mon Sep 11 12:31:12 UTC 2017
I'd like to add to the conversation that this thread was started because
of the argue here[1] (russian).
The main point of the argue was dropping privileges from root to some
user after the program performed all the needed actions (f.e. when it
started listening port < 1024).
We've found an example in commons-daemon code[2] how to drop privileges
in MS Windows systems. It seems a new Access Token is created for some
unprivileged user, and then spawns a new process with this token.
I suppose it makes some sense to say about it here: it would be very
useful to have a possibility to drop privileges to some user. Please
consider it as a user request.
[1] https://www.opennet.ru/opennews/art.shtml?num=47170#29
[2] https://github.com/apache/commons-daemon/blob/6702852984689bc6507690113949b478dba157ef/src/native/windows/src/rprocess.c#L481
bruno ais <brunoaiss at gmail.com> writes:
> Any idea how it can be done on Windows?
> Or better yet; is there a cross-platform thing or equivalence of that
> feature?
> If not, then that can easily be the reason.
>
> On Mon, Sep 11, 2017 at 9:29 AM, DoWhile ForEach <dowhileforeach at gmail.com>
> wrote:
>
>> Hello.
>>
>> Please explain someone why the Java API has not yet implemented a method
>> that allows you to set the effective user ID of the Java process.
>>
>> To accomplish this simple task, you have to make some workarounds.
>> A striking example of such workarounds is jsvc tool from the Apache
>> commons-daemon project for Tomcat server:
>> https://github.com/apache/commons-daemon/blob/6702852984689b
>> c6507690113949b478dba157ef/src/native/unix/native/jsvc-unix.c#L163
>>
More information about the core-libs-dev
mailing list