Set the effective user ID of the Java process.

dalibor topic dalibor.topic at oracle.com
Mon Sep 11 12:49:44 UTC 2017


Sounds like https://bugs.openjdk.java.net/browse/JDK-5032600 .

cheers,
dalibor topic

On 11.09.2017 14:31, Dmitrii Kashin wrote:
> 
> I'd like to add to the conversation that this thread was started because
> of the argue here[1] (russian).
> 
> The main point of the argue was dropping privileges from root to some
> user after the program performed all the needed actions (f.e. when it
> started listening port < 1024).
> 
> We've found an example in commons-daemon code[2] how to drop privileges
> in MS Windows systems. It seems a new Access Token is created for some
> unprivileged user, and then spawns a new process with this token.
> 
> I suppose it makes some sense to say about it here: it would be very
> useful to have a possibility to drop privileges to some user. Please
> consider it as a user request.
> 
> [1] https://www.opennet.ru/opennews/art.shtml?num=47170#29
> [2] https://github.com/apache/commons-daemon/blob/6702852984689bc6507690113949b478dba157ef/src/native/windows/src/rprocess.c#L481
> 
> bruno ais <brunoaiss at gmail.com> writes:
> 
>> Any idea how it can be done on Windows?
>> Or better yet; is there a cross-platform thing or equivalence of that
>> feature?
>> If not, then that can easily be the reason.
>>
>> On Mon, Sep 11, 2017 at 9:29 AM, DoWhile ForEach <dowhileforeach at gmail.com>
>> wrote:
>>
>>> Hello.
>>>
>>> Please explain someone why the Java API has not yet implemented a method
>>> that allows you to set the effective user ID of the Java process.
>>>
>>> To accomplish this simple task, you have to make some workarounds.
>>> A striking example of such workarounds is jsvc tool from the Apache
>>> commons-daemon project for Tomcat server:
>>> https://github.com/apache/commons-daemon/blob/6702852984689b
>>> c6507690113949b478dba157ef/src/native/unix/native/jsvc-unix.c#L163
>>>

-- 
<http://www.oracle.com> Dalibor Topic | Principal Product Manager
Phone: +494089091214 <tel:+494089091214> | Mobile: +491737185961
<tel:+491737185961>

ORACLE Deutschland B.V. & Co. KG | Kühnehöfe 5 | 22761 Hamburg

ORACLE Deutschland B.V. & Co. KG
Hauptverwaltung: Riesstr. 25, D-80992 München
Registergericht: Amtsgericht München, HRA 95603

Komplementärin: ORACLE Deutschland Verwaltung B.V.
Hertogswetering 163/167, 3543 AS Utrecht, Niederlande
Handelsregister der Handelskammer Midden-Niederlande, Nr. 30143697
Geschäftsführer: Alexander van der Ven, Jan Schultheiss, Val Maher

<http://www.oracle.com/commitment> Oracle is committed to developing
practices and products that help protect the environment


More information about the core-libs-dev mailing list