5. setuid and setgid bits

This part is for understanding only; just read through it.

5.1 Explanation of setuid and setgid

The setuid and setgid bits let an ordinary user run, with the identity of root, programs or commands that only the root account can run.

For example, when an ordinary user runs the passwd command to change their own password, what is ultimately changed is the /etc/passwd file. We know that /etc/passwd is the user management configuration file, and only root has permission to change it.

[root@localhost ~]# ls -l /etc/passwd
-rw-r--r-- 1 root root 2379 04-21 13:18 /etc/passwd

An ordinary user certainly cannot change their password by editing /etc/passwd directly. But can it be done through a command? The answer is yes: an ordinary user can use passwd to change their own password. This is thanks to the passwd command. Let's take a look:

[root@localhost ~]# ls -l /usr/bin/passwd
-r-s--x--x 1 root root 21944 02-12 16:15 /usr/bin/passwd

Because /usr/bin/passwd has the setuid permission bit set (the s in r-s--x--x), an ordinary user can temporarily become root and indirectly modify /etc/passwd to change their own password.

Linux user management is very strict, and different users have different permissions. For an ordinary user to do work that only root can do, the user's privileges must be elevated; the most common methods are su and sudo. setuid and setgid also let ordinary users go beyond their normal permissions to root permissions, but I do not recommend using them, because they can be a security risk for your system!

Note: setuid and setgid are risky, so use them as little as possible; it is enough to understand them.

5.2 Example application of setuid and setgid

Suppose we want the ordinary user beinan to have the root user's rm delete permission. We could use su or sudo to temporarily switch to root for the operation; the example below does it with the setuid bit instead.

[root@localhost ~]# cd /home    Note: enter the /home directory
[root@localhost home]# touch beinantest.txt    Note: create a test file
[root@localhost home]# ls -l beinantest.txt    Note: view the file's properties
-rw-r--r-- 1 root root 0 04-24 18:03 beinantest.txt    Note: the file's properties
[root@localhost home]# su beinan    Note: switch to the ordinary user beinan
[beinan@localhost home]$ rm -rf beinantest.txt    Note: try to delete beinantest.txt as an ordinary user
rm: cannot remove "beinantest.txt": Permission denied

So how do we give the ordinary user beinan root's rm delete capability as well?

[root@localhost ~]# ls -l /bin/rm
-rwxr-xr-x 1 root root 93876 02-11 14:43 /bin/rm
[root@localhost ~]# chmod 4755 /bin/rm    Note: set the permissions of rm to 4755, which sets the setuid bit
[root@localhost ~]# ls -l /bin/rm
-rwsr-xr-x 1 root root 43980 02-11 14:43 /bin/rm
[root@localhost ~]# cd /home/
[root@localhost home]# su beinan    Note: switch to the beinan user identity
[beinan@localhost home]$ ls -l beinantest.txt    Note: view the file's properties
-rw-r--r-- 1 root root 0 04-24 18:03 beinantest.txt    Note: the file's properties
[beinan@localhost home]$ rm -rf beinantest.txt    Note: delete the beinantest.txt file

We just set the setuid bit on rm, which gives ordinary users root's delete power whenever they run the rm command.

This example shows how the setuid and setgid bits are applied: as said earlier, they let ordinary users go beyond their own abilities and execute commands that only root can execute. This is the point on which they should be distinguished from su and sudo.

5.3 How to set setuid and setgid

Method one: the octal method

The setuid bit is octal 4000 and the setgid bit is octal 2000. For example, the chmod 4755 /bin/rm shown earlier sets the setuid bit.

Setting setuid works just like setting file or directory permissions with chmod in octal, with one extra digit, 4, inserted in front. For example:

[root@localhost ~]# chmod 4755 /bin/rm    Note: set the permissions of rm to 4755, which sets the setuid bit

Since the setgid bit is octal 2000, we have the following example:

[root@localhost ~]# cd /home/
[root@localhost home]# mkdir slackdir
[root@localhost home]# ls -ld slackdir/
drwxr-xr-x 2 root root 4096 04-24 18:25 slackdir/
[root@localhost home]# chmod 2755 slackdir/
[root@localhost home]# ls -ld slackdir/
drwxr-sr-x 2 root root 4096 04-24 18:25 slackdir/
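
As an added example (not part of the original article), the Python script below decodes the 4000 and 2000 bits described in 5.3 and lists setuid/setgid programs that are not on an expected baseline, which is how a stray setuid /bin/rm like the one in 5.2 would be spotted. The EXPECTED baseline and the /usr/bin scan root are assumptions made for the example.

```python
import os
import stat

# Assumed baseline of programs expected to carry a special bit on this host
# (constructed for the example; build the real list from a known-good install).
EXPECTED = {"/usr/bin/passwd"}

def special_bits(mode):
    """Return the names of the setuid/setgid bits set in an st_mode value."""
    bits = []
    if mode & stat.S_ISUID:      # octal 4000
        bits.append("setuid")
    if mode & stat.S_ISGID:      # octal 2000
        bits.append("setgid")
    return bits

def classify(path, mode, uid, expected=EXPECTED):
    """Describe one regular file that carries a special bit, else return None."""
    bits = special_bits(mode)
    if not bits or not stat.S_ISREG(mode):
        return None              # plain file, or a directory such as slackdir
    return {
        "path": path,
        "perms": stat.filemode(mode),          # same rendering as ls -l
        "bits": bits,
        "runs_as_root": "setuid" in bits and uid == 0,
        "expected": path in expected,
    }

def audit(root, expected=EXPECTED):
    """Walk a directory tree and collect every setuid/setgid regular file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)            # do not follow symlinks
            except OSError:
                continue                       # vanished or unreadable entry
            item = classify(path, st.st_mode, st.st_uid, expected)
            if item:
                findings.append(item)
    return findings

if __name__ == "__main__":
    for f in audit("/usr/bin"):
        flag = "ok" if f["expected"] else "REVIEW"
        print(f'{flag:6} {f["perms"]} {",".join(f["bits"]):13} {f["path"]}')
```
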