我需要以 root 身份运行浏览器,才能获得思杰接收器,在浏览器中执行,授予访问和编辑hosts文件的权限。
否则我会收到此错误:
您无权更改主机文件。请验证您是否具有 /etc 目录的写入权限。
显然 Citrix 需要访问权限hosts,据我所知,唯一的方法是以 root 身份执行 Firefox:
sudo firefox
以 root 身份执行浏览器时是否存在安全问题?
有什么方法可以使该hosts文件永久可编辑,这样我就不必以 root 身份执行 Firefox 了?
更新1
按照 mikeserv 的建议,我执行了
cp /etc/hosts /tmp
sudo unshare -m sh -c '
mount -B /tmp/hosts /etc/hosts
exec runuser -u '"$USER"' firefox'
在新打开的 Firefox 实例中,我尝试使用 Citrix 访问我的资源,但得到了与上面相同的错误。
此外,我在终端中收到以下错误转储:
1449062781808 addons.xpi WARN Can't iterate directory /home/user/.mozilla/firefox/2vytc6tm.default/extensions: [Exception... "Component returned failure code: 0x80520015 (NS_ERROR_FILE_ACCESS_DENIED) [nsIFile.directoryEntries]" nsresult: "0x80520015 (NS_ERROR_FILE_ACCESS_DENIED)" location: "JS frame :: resource://gre/modules/addons/XPIProvider.jsm :: getDirectoryEntries :: line 1713" data: no] Stack trace: getDirectoryEntries()@resource://gre/modules/addons/XPIProvider.jsm:1713 < DirInstallLocation__readAddons()@resource://gre/modules/addons/XPIProvider.jsm:7502 < DirectoryInstallLocation()@resource://gre/modules/addons/XPIProvider.jsm:7441 < addDirectoryInstallLocation()@resource://gre/modules/addons/XPIProvider.jsm:2298 < XPI_startup()@resource://gre/modules/addons/XPIProvider.jsm:2347 < callProvider()@resource://gre/modules/AddonManager.jsm:221 < _startProvider()@resource://gre/modules/AddonManager.jsm:828 < AMI_startup()@resource://gre/modules/AddonManager.jsm:999 < AMP_startup()@resource://gre/modules/AddonManager.jsm:2672 < AMC_observe()@resource://gre/components/addonManager.js:58 < <file:unknown>
(firefox:7994): GConf-WARNING **: Client failed to connect to the D-BUS daemon:
Failed to connect to socket /tmp/dbus-9dyvIdS0jP: Verbindungsaufbau abgelehnt
(firefox:7994): GConf-WARNING **: Client failed to connect to the D-BUS daemon:
Failed to connect to socket /tmp/dbus-CBkXMgnC2r: Verbindungsaufbau abgelehnt
(firefox:7994): LIBDBUSMENU-GLIB-WARNING **: Unable to get session bus: Verbindung ist gescheitert: Verbindungsaufbau abgelehnt
(firefox:7994): dconf-CRITICAL **: unable to create file '/home/user/.cache/dconf/user': Keine Berechtigung. dconf will not work properly.
(firefox:7994): dconf-CRITICAL **: unable to create file '/home/user/.cache/dconf/user': Keine Berechtigung. dconf will not work properly.
...
(firefox:7994): GConf-WARNING **: Client failed to connect to the D-BUS daemon:
Failed to connect to socket /tmp/dbus-dMG4PGVMeg: Verbindungsaufbau abgelehnt
(firefox:7994): dconf-CRITICAL **: unable to create file '/home/user/.cache/dconf/user': Keine Berechtigung. dconf will not work properly.
(firefox:7994): GConf-WARNING **: Client failed to connect to the D-BUS daemon:
Failed to connect to socket /tmp/dbus-jIIyll6Cjh: Verbindungsaufbau abgelehnt
...
更新2
JVMLauncher.afterStart(): starting JVM process watcher
(wfica:4510): GLib-CRITICAL **: Source ID 75 was not found when attempting to remove it
(wfica:4510): GLib-CRITICAL **: Source ID 127 was not found when attempting to remove it
答案1
使用 linuxmount命名空间,您可以获得接近相同的效果,但责任要少得多。
cp /etc/hosts /tmp
sudo -E unshare -m sh -c '
mount -B /tmp/hosts /etc/hosts
runuser -p '"$USER"' -c firefox'
答案2
请勿将写入权限设置为,/etc/hosts因为您面临攻击者将您的流量重定向到受控制的网站并因此执行恶意操作的风险,例如路过式下载攻击这可能会导致在未经您同意的情况下在您的计算机上安装恶意软件,方法是制作恶意 JavaScript 代码,该代码可能会利用您的 Firefox 浏览器或其插件/扩展之一的漏洞。 Windows 操作系统上的同一文件被恶意软件作者用来传播木马。只有您作为所有者才有权编写它。