Linux system programming 40: Process control - user permissions and group permissions, interpreter files

A process's user and group identity is stored as several IDs.

uid:
real user ID, effective user ID, saved set-user-ID

gid:
real group ID, effective group ID, saved set-group-ID

As explained in Section 4.4 of the earlier Chapter 4 (Files and Directories), the IDs associated with a process are as follows:

Real user ID: identifies who we really are; it is usually the ID taken from the password file when the user logs in.
Effective user ID: mainly used when the process's file access permissions are checked.
Saved set-user-ID: a copy of the effective user ID, saved when a program is executed.

Setting the real and effective user ID / group ID
SYNOPSIS
#include <sys/types.h>
#include <unistd.h>

   int setuid(uid_t uid);

DESCRIPTION
setuid() sets the effective user ID of the calling process. If the effective UID of the caller is root (more precisely: if the caller has the CAP_SETUID capability), the real UID and saved set-user-ID are also set.
In other words, setuid() sets the effective user ID; if the caller is the superuser (root), the real user ID and the saved set-user-ID are set as well.

Different ways to change the three user IDs: exec / setuid(uid)

Swapping the real user ID and the effective user ID

Setting only the effective user ID / group ID

Summary of the functions that set the different IDs, for the superuser (root) and for an unprivileged user

setuid() experiment: who performs what kind of operation

mhr@ubuntu:~/Desktop/xitongbiancheng/test$ ./a.out 0 cat /etc/shadow

#include <unistd.h>
#include <sys/types.h>
#include <stdlib.h>
#include <stdio.h>
#include <sys/wait.h>

int main(int argc,char* argv[])
{
	pid_t pid;

	if(argc < 3)// at least three arguments
	{
		fprintf(stderr,"Usage: ...\n");
		exit(1);
	}

	fflush(NULL);
	pid = fork();
	if(pid < 0)
	{
		perror("fork()");
		exit(1);
	}
	else if(pid == 0) //child
	{
		// Set the user ID (0 is root); this requires that the executable is run with root privileges
		if(setuid(atoi(argv[1])) < 0)
		{
			perror("setuid()");// do not exec the command under the wrong identity
			exit(1);
		}
		fflush(NULL);
		execvp(argv[2],argv+2);// variable-length argument list, so use execvp()
		perror("execvp");
		exit(1);
	}

	wait(NULL);

	exit(0);
}

root@ubuntu:/home/mhr/Desktop/xitongbiancheng/test# ./a.out 0 cat /etc/shadow

The precondition is that the executable is run with root privileges.
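
The following added example, which is not part of the original post, applies the setuid() rules described above to a permanent privilege drop and verifies the result instead of trusting the return value. The helper name drop_privileges is hypothetical, and main() passes the caller's own IDs as constructed input so that it runs without root.

```c
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: permanently switch the process to uid/gid.
 * Returns 0 only when the switch is verified, -1 otherwise. */
int drop_privileges(uid_t uid, gid_t gid)
{
	uid_t old_euid = geteuid();

	/* Leaving root: clear inherited supplementary groups while we still can. */
	if (old_euid == 0 && uid != 0 && setgroups(1, &gid) != 0)
		return -1;
	/* Group before user: after setuid() the process may no longer be allowed. */
	if (setgid(gid) != 0)
		return -1;
	/* With effective UID 0 this sets the real, effective and saved IDs. */
	if (setuid(uid) != 0)
		return -1;

	/* Verify the result rather than trusting the return values alone. */
	if (getuid() != uid || geteuid() != uid)
		return -1;
	if (getgid() != gid || getegid() != gid)
		return -1;
	/* An unprivileged setuid() changes only the effective ID; if the saved
	 * set-user-ID still held old_euid, this call would succeed. */
	if (old_euid != uid && seteuid(old_euid) == 0)
		return -1;
	return 0;
}

int main(void)
{
	/* Constructed input: the caller's own IDs, so no root is needed. */
	if (drop_privileges(getuid(), getgid()) != 0) {
		fprintf(stderr, "drop_privileges failed\n");
		return 1;
	}
	printf("uid=%d euid=%d gid=%d egid=%d\n", (int)getuid(),
	       (int)geteuid(), (int)getgid(), (int)getegid());
	return 0;
}
```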

Interpreter file

An interpreter file is essentially a script file whose first line has the form:
#! pathname [optional-argument]

A common first line of an interpreter file is:
#! /bin/sh

An interpreter file does not need any particular file name suffix, for example:

p.exec

#! /bin/bash

ls
cat /etc/shadow
ps




mhr@ubuntu:~/Desktop/xitongbiancheng/test$ 
mhr@ubuntu:~/Desktop/xitongbiancheng/test$ chmod u+x p.exec   // grant execute permission (x)
mhr@ubuntu:~/Desktop/xitongbiancheng/test$ 
mhr@ubuntu:~/Desktop/xitongbiancheng/test$ 
mhr@ubuntu:~/Desktop/xitongbiancheng/test$ ls -l p.exec 
-rwxrw-r-- 1 mhr mhr 37 Feb 21 22:51 p.exec
mhr@ubuntu:~/Desktop/xitongbiancheng/test$ 
mhr@ubuntu:~/Desktop/xitongbiancheng/test$ ./p.exec 
a.out  p.exec  test.c  TEST_FILE  wait.c
cat: /etc/shadow: Permission denied
   PID TTY          TIME CMD
  7179 pts/2    00:00:00 bash
  7671 pts/2    00:00:00 bash
  7700 pts/2    00:00:00 p.exec
  7703 pts/2    00:00:00 ps
mhr@ubuntu:~/Desktop/xitongbiancheng/test$ 

That is, /bin/bash is executed, and /bin/bash interprets the rest of the file:
ls
cat /etc/shadow
ps

Origin blog.csdn.net/LinuxArmbiggod/article/details/113939815