A detailed look at SetUID permissions in Linux: love and hate

Permission management - 2.1 SetUID

Foreword: I compiled and checked this by myself, so there may be some mistakes. If you find something wrong, you can leave a comment below or send me a private message.

1. The function of SetUID

  • Only executable binary programs can have the SUID permission set (setting it on ordinary files and directories is meaningless)
  • The user running the command must have x (execute) permission on the program
  • While the program runs, the user running the command takes on the identity of the program file's owner
  • The SetUID permission is only in effect while the program is executing, which means the identity change lasts only for the duration of the program's execution

2. Examples

  • The passwd command has the SetUID permission, so ordinary users can change their own passwords
    • We use the ll (short for ls -l) command to view the passwd command file
    • ll /usr/bin/passwd
    • The display is as follows:
    • -rwsr-xr-x 1 root root 25980 4月 21 2020 /usr/bin/passwd
    • It can be seen that there is an "s" in the permission string, which means that it has the SetUID permission
  • The cat command does not have the SetUID permission, so ordinary users cannot view the contents of the /etc/shadow file through cat
    • Let's view the cat command file
    • The display is as follows:
    • -rwxr-xr-x 1 root root 47976 4月 21 2020 /bin/cat
    • It can be seen that there is no "s" in the permission string, which means that it does not have the SetUID permission


3. How to set SetUID

  • chmod 4755 [file name]
  • Or chmod u+s [file name]
  • The number 4 represents the SUID permission

4. How to cancel SetUID

  • chmod 755 [file name]
  • Or chmod u-s [file name]

5. Dangerous SetUID

  • Write permissions on key directories such as "/" and "/usr" should be strictly controlled
  • User passwords must strictly follow the three principles of password setting
  • Make a list of the files that should have SetUID permission by default in the system, and regularly check whether any other files are set with SUID permissions
  • Note: If vim has SUID permissions, then ordinary users will be able to use vim to modify any file
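
One way to carry out the regular check described in the list above, as an added example that is not part of the original post: record the current SetUID files as a baseline, then report any SetUID file that is not in it. The function names `list_suid` and `audit_suid` and the scratch-directory demo are constructed for illustration; in real use the root would be `/` and the baseline a reviewed file.

```shell
#!/bin/sh
# Added example: SetUID baseline audit (not from the original post).

# list_suid ROOT: print every regular file under ROOT with the SetUID bit set.
# -perm -4000 matches the SUID bit; -xdev keeps find on one filesystem.
list_suid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | LC_ALL=C sort
}

# audit_suid ROOT BASELINE: print SetUID files under ROOT that are missing
# from BASELINE (one approved path per line). Returns 1 if any are found.
audit_suid() {
    # grep: -F fixed strings, -x whole-line match, -v keep lines NOT in baseline
    unexpected=$(list_suid "$1" | grep -Fxv -f "$2" || true)
    [ -z "$unexpected" ] && return 0
    printf '%s\n' "$unexpected"
    return 1
}

# Constructed demo in a scratch directory, so no root access is needed.
demo=$(mktemp -d)
touch "$demo/approved" "$demo/rogue"
chmod 4755 "$demo/approved"                   # the file we expect to be SUID
list_suid "$demo" > "$demo/baseline.txt"      # step 1: record the baseline
chmod u+s "$demo/rogue"                       # later, a new SUID file appears
audit_suid "$demo" "$demo/baseline.txt" || echo "unexpected SetUID files found"
rm -rf "$demo"
```

Run from cron, the non-zero return value of `audit_suid` can drive an alert; the baseline file itself should be writable only by root.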

Afterword: I hope these explanations will be helpful to you, and I hope everyone will like and follow. Your support is my biggest motivation (๑> ؂ <๑)


Origin blog.csdn.net/qq_43479432/article/details/105635730