问题描述

我正在实现char驱动程序(Linux)，并且驱动程序中有某些IOCTL命令，只需由ADMIN执行即可.

I am implementing char driver ( Linux) and there are certain IOCTL commands are there in my driver which needs to be only executed by ADMIN.

我的问题是如何在ioctl命令实现下检查用户权限，并限制非特权用户访问IOCTL.

My question is how can I check user permission under my ioctl command implementation and restrict unprivileged user from accessing IOCTL.

推荐答案

您可以使用bool capable(int cap)函数，如果用户具有请求的功能，该函数将返回 true . cap 的可能值在内核源代码中的include/uapi/linux/capability.h中列出(宏以 CAP _ 开头).

You can use bool capable(int cap) function, which returns true if user has capability requested. Possible values of cap are listed in kernel sources at include/uapi/linux/capability.h (macros started with CAP_).

如您所见，有许多类似管理员的功能.选择一种似乎更适合您的任务.或者，只需服用 CAP_SYS_ADMIN .

As you can see, there are many admin-like capabilities. Choose one which seems fit better for you task. Or just take CAP_SYS_ADMIN.

这篇关于ioctl命令上的用户权限检查的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！