setpriv使用不同的 Linux 权限设置运行程序
help
$ setpriv --help
Usage:
setpriv [options] <program> [<argument>...]
Run a program with different privilege settings.
Options:
-d, --dump show current state (and do not exec)
--nnp, --no-new-privs disallow granting new privileges
--ambient-caps <caps,...> set ambient capabilities
--inh-caps <caps,...> set inheritable capabilities
--bounding-set <caps> set capability bounding set
--ruid <uid|user> set real uid
--euid <uid|user> set effective uid
--rgid <gid|user> set real gid
--egid <gid|group> set effective gid
--reuid <uid|user> set real and effective uid
--regid <gid|group> set real and effective gid
--clear-groups clear supplementary groups
--keep-groups keep supplementary groups
--init-groups initialize supplementary groups
--groups <group,...> set supplementary groups by UID or name
--securebits <bits> set securebits
--pdeathsig keep|clear|<signame>
set or clear parent death signal
--selinux-label <label> set SELinux label
--apparmor-profile <pr> set AppArmor profile
--reset-env clear all environment and initialize
HOME, SHELL, USER, LOGNAME and PATH
-h, --help display this help
-V, --version display version
This tool can be dangerous. Read the manpage, and be careful.
For more details see setpriv(1).
示例
setpriv --reuid=1000 --regid=1000 --init-groups <command>
setpriv --reuid=1000 --regid=1000 --clear-groups <command>