Permission management - 2.1 SetUID
Foreword: I put these notes together and checked them myself, so there may be some mistakes. If you find something wrong, you can leave a message below or send me a private message.
1. The function of SetUID
- SUID only takes effect on executable binary programs (setting it on ordinary files or directories is meaningless)
- The user running the command must have x (execute) permission on the program
- While the program runs, the user running the command takes on the identity of the program file's owner
- The SetUID permission applies only while the program is executing, which means the identity change lasts only for the duration of the program's execution
2. Examples
- The passwd command has the SetUID permission, so ordinary users can change their own passwords
- The cat command does not have the SetUID permission, so ordinary users cannot view the contents of the /etc/shadow file with cat
3. How to set SetUID
4. How to cancel SetUID
5. Dangerous SetUID
- Write permission on key directories, such as "/" and "/usr", should be strictly controlled
- Users' passwords must strictly follow the three principles of passwords
- Make a list of the files that should have the SetUID permission by default on the system, and regularly check whether any other files have had SUID permissions set
- Note: If vim has the SUID permission, ordinary users will be able to use vim to modify any file, because vim then runs with the identity of its owner, root
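The regular check against a list of expected SetUID files described above can be scripted. The following is an added example, not part of the original tutorial; the function names list_suid and audit_suid and the baseline file format (one absolute path per line) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare the SUID files on a system with a baseline list.
# The baseline is a plain text file with one absolute path per line.

# list_suid ROOT: print every regular file under ROOT that has the SUID bit
# set, sorted. -xdev keeps find on a single filesystem.
list_suid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | LC_ALL=C sort
}

# audit_suid ROOT BASELINE: report drift from the baseline.
#   UNEXPECTED path -> SUID is set but the path is not in the baseline
#   MISSING path    -> the path is in the baseline but is not a SUID file
#                      under ROOT any more
# Returns 0 when there is no drift, 1 when there is, 2 on setup failure.
audit_suid() {
    [ -r "$2" ] || return 2
    suid_now=$(mktemp) || return 2
    suid_ok=$(mktemp) || { rm -f "$suid_now"; return 2; }
    list_suid "$1" > "$suid_now"
    LC_ALL=C sort -u "$2" > "$suid_ok"
    suid_report=$(
        LC_ALL=C comm -23 "$suid_now" "$suid_ok" | sed 's/^/UNEXPECTED /'
        LC_ALL=C comm -13 "$suid_now" "$suid_ok" | sed 's/^/MISSING /'
    )
    rm -f "$suid_now" "$suid_ok"
    [ -z "$suid_report" ] && return 0
    printf '%s\n' "$suid_report"
    return 1
}

# Run as a script: sh suid_audit.sh ROOT BASELINE
if [ "$#" -eq 2 ]; then
    audit_suid "$1" "$2"
fi
```

Create the baseline once on a freshly installed system with list_suid / > baseline (as root, so that find can read every directory), then run audit_suid from a scheduled job and review any UNEXPECTED line.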