详细了解 setuid 可执行文件和 setreuid(2)和 execve(2)系统调用.请注意，您需要使用chmod u+s将setuid标志放在可执行文件上(请参见 chmod(1)) > chown(1))并仔细编码，以避免安全漏洞.

Read more about setuid executables and setreuid(2) and execve(2) syscalls. Be careful, you'll need to put the setuid flag on the executable with chmod u+s (see chmod(1)) after changing its ownership (with chown(1)) and code carefully to avoid security holes.

^{(因此，我建议由知道 setuid 机制的人来检查您的代码并意识到安全问题)}

^{(so I recommend to have your code reviewed by someone knowing the setuid mechanism and aware of security issues)}

Setuid是获取(或撤消)特权的基本机制(由，sudo，super，login等使用).参见 credentials(7)& capabilities(7).

Setuid is the basic mechanism (used by su, sudo, super, login etc...) programs to get (or revoke) privileges. See credentials(7) & capabilities(7).

启动一些帮助程序(以root身份或在/usr/libexec/中启动一些setuid可执行文件...)并使用一些管道(7) ...).例如，不建议在根进程中使用GTK或Qt之类的GUI工具包.如果您的应用程序具有一些GUI，则可以在非root用户(普通用户)进程中运行其GUI，并以root用户身份运行(希望很小的)帮助程序进程来进行root用户，以完成需要特殊特权的实际工作.

It could be safer to start some helper process (as root, or start some setuid executable perhaps in /usr/libexec/ ...) and communicate with it using some inter-process communication facilities (like pipe(7)...). For example, it is not recommended to use GUI toolkits like GTK or Qt in root processes. If your app has some GUI, it is reasonable to run its GUI in a non-root (ordinary user) process and run as root the (hopefully small) helper process doing the real job requiring special privileges.

在编码之前，我建议阅读一本好书，例如 高级Linux编程 和 syscalls(2)以及每个系统调用. 安全性方面尤其重要.

Before coding, I recommend reading a good book like Advanced Linux Programming and syscalls(2) and the documentation of every system call you would use. Security aspects are especially important.

Setuid可执行文件不一定需要或使用任何密码.反过来说:需要密码的程序(特别是login，su，sudo等.)是setuid(它们是

Setuid executables don't necessarily require or use any password; it is the other way round: programs requiring passwords (notably login, su, sudo etc....) are setuid (and they are free software on Linux so you can study their source code); try ls -l /bin/su /usr/bin/sudo /bin/login to check that.

由于您要模拟各种用户环境，因此请注意 environ( 7).

Since you want to emulate various user environments, be aware of environ(7).