模拟UNIX用户并更新环境变量

时间:2021-06-28 23:12:20

I'm working on a Service with mono, that is started as privileged user and impersonating a non-privileged user for security reasons. The service often impersonates a user to run an external process and then switching back. But the external processes need the user-specific environment variables (like "$HOME") which are not changed by the User Impersonation.

我正在使用mono开发一个服务,该服务以特权用户的身份启动,并出于安全原因模拟非特权用户。服务通常模拟用户运行外部进程,然后切换回。但是外部过程需要用户特定的环境变量(比如“$HOME”),用户模拟不会改变这些变量。

That's the code i use to Impersonate an User:

这是我用来模拟用户的代码:

WindowsIdentity tmpIdentity = new WindowsIdentity(user);
using(WindowsImpersonationContext tmpContext = tmpIdentity.Impersonate()) {
    //run process here
}

I also tried to run the following code before spawning the process but without impact:

我还尝试在生成过程之前运行以下代码,但没有影响:

Environment.SetEnvironmentVariable("HOME",Environment.GetFolderPath(Environment.SpecialFolder.Personal),EnvironmentVariableTarget.Machine);

Environment.GetFolderPath(Environment.SpecialFolder.Personal) does not change after/while the Impersonation

环境。getfolderpath(环境。specialfolder.personal)在模仿后不会改变。

Is there a way to update the Environment Variables?

是否有更新环境变量的方法?

1 个解决方案

#1


2  

The thing is that environment variables are created for the process during it's invocation. Since an impersonation simply fakes another user by switching the user Access Token, the environment variables won't be affected by this change. Thus the method System.GetEnvironmentVariable(String) will continues to return the original environment variables. Therefor updating the environment variables is something that you will have to do yourself.

问题是,在流程调用期间为流程创建环境变量。由于模拟只是通过切换用户访问令牌来伪造另一个用户,因此环境变量不会受到这种变化的影响。因此,方法System.GetEnvironmentVariable(String)将继续返回原始环境变量。因此,更新环境变量是您必须自己做的事情。

Here might be some ways out of this :

也许有一些方法可以解决这个问题:

  • Once impersonated, create a new process responsible to get the environment variables
  • 模拟之后,创建一个新进程,负责获取环境变量
  • Parse OS resources to get the values yourself (registery, /etc/passwd, etc)
  • 解析OS资源以获取值(registery、/etc/passwd等)
  • If you know exactly which users are going to be impersonated, you can use a config file
  • 如果您确切地知道要模拟哪些用户,您可以使用配置文件

#1


2  

The thing is that environment variables are created for the process during it's invocation. Since an impersonation simply fakes another user by switching the user Access Token, the environment variables won't be affected by this change. Thus the method System.GetEnvironmentVariable(String) will continues to return the original environment variables. Therefor updating the environment variables is something that you will have to do yourself.

问题是,在流程调用期间为流程创建环境变量。由于模拟只是通过切换用户访问令牌来伪造另一个用户,因此环境变量不会受到这种变化的影响。因此,方法System.GetEnvironmentVariable(String)将继续返回原始环境变量。因此,更新环境变量是您必须自己做的事情。

Here might be some ways out of this :

也许有一些方法可以解决这个问题:

  • Once impersonated, create a new process responsible to get the environment variables
  • 模拟之后,创建一个新进程,负责获取环境变量
  • Parse OS resources to get the values yourself (registery, /etc/passwd, etc)
  • 解析OS资源以获取值(registery、/etc/passwd等)
  • If you know exactly which users are going to be impersonated, you can use a config file
  • 如果您确切地知道要模拟哪些用户,您可以使用配置文件