All,
I want to run a part of my Java program as root. Only one particular function as root. The other part of the programs should run with the user privileges with which the program was started. I want to run only the below code as root and the other as it is. This is because I see different behavior for this code when it runs with ROOT privileges.
try
{
addr = Inet6Address.getByName(host);
isReachable = addr.isReachable(20*1000);
} catch (UnknownHostException e)
Thanks in advance
There is no portable way for a Java program to change the effective user id; i.e. change from running with root privilege to another user. (And even in C an application can't switch between privileged and non-privileged willy-nilly. Privilege switching is a one-way street.)
Reading the javadoc for InetAddress.isReachable
it does use different mechanisms depending on the JVM process's privilege. However, neither of the two approaches used by isReachable
is guaranteed to work; e.g.
- some firewall may selectively block ICMP ECHO messages,
- the target machine might not be running an Echo service on port 7 ... or port 7 may be locked by a firewall.
So I would address avoid issue entirely. Just try to do whatever it is that you are really trying to do, and forget about using isReachable
. Or if it is within your control, fix the machines / networks so that both mechanisms work for the machines you need to test.
@Geek - you say that you can't test particular ports because they can be blocked. Well anything can be blocked, including ICMP PING, ICMP ECHO and anything else that you might use to test if the host is reachable.
There is only one thing that really matters: can you talk to the service that you are actually going to use. And there is only one way to find out: try to use it.
Or to say it another way, testing if a host is available doesn't make sense. Hosts are not available: specific services are.
Privilege separation is not possible in JAVA as it works very diffrent ways in different OS's.
A possible way to solve yor problem is a TCP connection attempt. You can catch the IOException which will contain additional information. This is highly platform-dependant, so be smart about interpreting them.
For running parts of a program with other privileges, you would need JNI and system dependent calls. Easier would be to simply call an external program with ProcessBuilder or Runtime.exec:
Process p = Runtime.getRuntime().exec(new String[]{"sudo", "ping", "-c", "5", "host"});
int result = p.waitFor();
if(result == 0) {
// reachable
}
else {
// unreachable, or some error
}
This would need a suitable entry in the sudoers
configuration file (and for other systems and/or other versions of ping maybe other parameters).
But as the others said, reachability by ping is not equivalent to the service you want to use is reachable.