1

This question is not as simple as telling me to use runas; Please read the question before answering.

When I use C on UNIX/Linux and want to write a program to run with elevated privilege, I use this flow:

  1. program starts.
  2. process lowers privilege using setuid().
  3. process does unprivileged work.
  4. process raises privilege using setuid().
  5. process does privileged work such as opening a restricted file.
  6. process lowers privilege using setuid().

The critical part of the flow is that the process lowers its privilege immediately after starting and only raises its privilege long enough to do the corresponding work.

How can I do a similar thing on Windows using Java?

My specific use case is that I want to read and write protected files such that the only way for the user of the program to access the files is thru my Java program. I do not want to run the entire process with Administrator privilege just to protect a couple of files.

Be Kind To New Users
  • 9,672
  • 13
  • 78
  • 125

1 Answers1

1

The JRE by itself does not allow this. There are two options to do it in "Java":

  1. Use JNI to make C calls into the OS
  2. Script out the calls that use setuid() (use a script language or create a C executable) and have the JVM exec that script.

I believe the more difficult part of your problem will be finding a setuid() equivalent in Windows. See https://serverfault.com/questions/16886/is-there-an-equivalent-of-su-for-windows. The most straightforward way would be to wrap runas (yes, I said it) in a script or perhaps exec your script with runas. See Run command prompt as Administrator for ideas on how to do that.

Community
  • 1
  • 1
lreeder
  • 12,047
  • 2
  • 56
  • 65