suid&&sgid
2013-11-18 08:19
When we execute a program file, the effective user ID of the process is usually the real user ID, and the effective group ID is usually the real group ID. But the capability exists to set a special flag in the file's mode word (st_mode) that says "when this file is executed, set the effective user ID of the process to be the owner of the file (st_uid)." Similarly, another bit can be set in the file's mode word that causes the effective group ID to be the group owner of the file (st_gid). These two bits in the file's mode word are called the set-user-ID bit and the set-group-ID bit.

For example, if the owner of the file is the superuser and if the file's set-user-ID bit is set, then while that program file is running as a process, it has superuser privileges. This happens regardless of the real user ID of the process that executes the file. As an example, the UNIX System program that allows anyone to change his or her password, passwd(1), is a set-user-ID program. This is required so that the program can write the new password to the password file, typically either /etc/passwd or /etc/shadow, files that should be writable only by the superuser. Because a process that is running set-user-ID to some other user usually assumes extra permissions, it must be written carefully.
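
The rule described above, as an added C example that is not part of the original post: it reads st_mode, st_uid and st_gid for each path and reports the effective IDs a process would have after executing that file. The names `exec_ids` and `ids_after_exec` are hypothetical, and the code assumes the caller's effective IDs equal its real IDs and that the filesystem honours the two bits.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper type (not from the original page). */
struct exec_ids {
    int   suid, sgid;   /* 1 if the set-user-ID / set-group-ID bit applies */
    uid_t euid;         /* effective user ID after exec */
    gid_t egid;         /* effective group ID after exec */
};

/* Apply the rule from the text: a set bit in st_mode replaces the
 * effective ID with the file's owner (st_uid) or group (st_gid);
 * otherwise the effective ID stays equal to the real ID (assumption:
 * the caller is not already running with different effective IDs).
 * Only regular files count: on a directory the bits are not an
 * exec-time rule. */
struct exec_ids ids_after_exec(const struct stat *st, uid_t ruid, gid_t rgid)
{
    struct exec_ids r;
    int reg = S_ISREG(st->st_mode);
    r.suid = reg && (st->st_mode & S_ISUID) != 0;
    r.sgid = reg && (st->st_mode & S_ISGID) != 0;
    r.euid = r.suid ? st->st_uid : ruid;
    r.egid = r.sgid ? st->st_gid : rgid;
    return r;
}

/* Audit each path given on the command line against the caller's real IDs. */
int main(int argc, char **argv)
{
    int rc = 0;
    for (int i = 1; i < argc; i++) {
        struct stat st;
        if (stat(argv[i], &st) != 0) {   /* stat() follows symlinks, as exec does */
            perror(argv[i]);
            rc = 1;
            continue;
        }
        struct exec_ids r = ids_after_exec(&st, getuid(), getgid());
        printf("%s: mode %04o suid=%d sgid=%d -> euid %ld egid %ld%s\n",
               argv[i], (unsigned)(st.st_mode & 07777), r.suid, r.sgid,
               (long)r.euid, (long)r.egid,
               (r.suid && st.st_uid == 0) ? "  [superuser privileges]" : "");
    }
    return rc;
}
```

Run it with one or more file paths as arguments; a line flagged `[superuser privileges]` is a set-user-ID file owned by the superuser, the case the text says must be written carefully.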