Configuring Linux startup scripts && setuid & setgid
2016-05-25 16:56
Method 1:
Edit the file /etc/rc.local:
sudo vi /etc/rc.local
Add the script you want to run, or write the commands directly into rc.local. Pay attention to whether rc.local's shebang is #!/bin/bash or #!/bin/sh, because this affects how the commands execute: on some systems sh points to dash rather than bash.
If you want the system default to be bash rather than dash:
sudo dpkg-reconfigure dash
```bash
#!/bin/bash
# This script is executed at the end of each multiuser runlevel
export MY_ENV_VAR=/home/guowei/robot   # add commands
/path/to/my/script.sh                  # or add the script you want to run
exit 0
```
e.g. the content of script.sh is as follows (it is best to add a shebang):
```bash
#!/bin/bash
service xxx restart   # no sudo needed
chmod 777 xxx
```
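Because /bin/sh is dash on Debian-derived systems, a script that works when tested interactively in bash can fail at boot under a #!/bin/sh shebang. The following is an added example, not part of the original post: a small POSIX-sh checker that reports a script's shebang and counts lines that use common bash-only constructs. The pattern list is an assumption (not exhaustive), and the sample script it scans is constructed inline.

```shell
#!/bin/sh
# Added example, not from the original post. Flags bash-only constructs
# ("bashisms") in a script that will be run by /bin/sh (= dash on Debian/Ubuntu).
# The regex below is an assumption: a handful of frequent offenders, not a full list.

# shebang_of FILE: print the interpreter named on the first line, or "none".
shebang_of() {
    line=$(head -n 1 "$1")
    case "$line" in
        '#!'*) printf '%s\n' "${line#"#!"}" | sed 's/^[[:space:]]*//' ;;
        *)     echo none ;;
    esac
}

# bashism_count FILE: number of lines using a construct dash rejects or
# interprets differently from bash ([[ ]], function, source, declare, arrays,
# echo -e, &> redirection).
bashism_count() {
    n=$(grep -c -E \
        '\[\[|^[[:space:]]*(function|source|declare)[[:space:]]|[A-Za-z_][A-Za-z0-9_]*=\(|echo[[:space:]]+-e|&>' \
        "$1") || true      # grep exits 1 when the count is 0; keep the "0"
    echo "$n"
}

# Constructed sample: looks like a normal startup script, but four of its
# lines only work under bash.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
#!/bin/sh
# constructed sample: runs under bash, misbehaves under dash
if [[ -f /etc/motd ]]; then echo ok; fi
function greet { echo hi; }
list=(a b c)
echo -e "done\n"
greet
EOF

printf '%s: shebang=%s bashisms=%s\n' \
    "$SAMPLE" "$(shebang_of "$SAMPLE")" "$(bashism_count "$SAMPLE")"
echo "/bin/sh -> $(readlink -f /bin/sh 2>/dev/null || echo unknown)"
```

If the count is non-zero and /bin/sh resolves to dash, either change the shebang to #!/bin/bash (the post's first option) or rewrite the flagged lines in POSIX sh; the checker itself is written in POSIX sh so it runs under either shell.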
Method 2:
Create a script in the /etc/init.d directory, e.g. myscript:
sudo vi /etc/init.d/myscript   # any name will do
Add the commands you want to run:
```sh
#!/bin/sh
export MY_ENV_VAR=/home/guowei/robot   # add commands
/path/to/my/script.sh                  # add the script you want to run
```
Make it executable:
chmod ugo+x /etc/init.d/myscript   # or: chmod 777 /etc/init.d/myscript
Configure it to start at boot:
sudo update-rc.d myscript defaults
Or create the symlinks manually:
sudo ln -s /etc/init.d/myscript /etc/rcX.d/
where X is your runlevel; the current runlevel can be checked with who -r (usually the symlink is created for all runlevels). About runlevels: 0 is halt, 1 is single-user mode, 6 is reboot, and 2-5 are the normal login runlevels.
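update-rc.d creates both S (start) and K (kill) links, so a script in /etc/init.d is expected to understand start, stop and status rather than just run a command top to bottom. The following is an added example, not the post's script: a minimal init.d-style skeleton with an LSB header, a pidfile and a status exit code. To be runnable as an ordinary user it uses sleep as a stand-in daemon and keeps the pidfile under $TMPDIR; a real script would point DAEMON at the service binary and PIDFILE at /var/run (both are assumptions).

```shell
#!/bin/sh
# Added example, not from the original post: an /etc/init.d-style script with
# start/stop/restart/status. DAEMON and PIDFILE are placeholders for the demo.
### BEGIN INIT INFO
# Provides:          myscript
# Required-Start:    $local_fs $network
# Required-Stop:     $local_fs $network
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: example service
### END INIT INFO

DAEMON="sleep"                            # stand-in daemon (assumption)
DAEMON_ARGS="3600"
PIDFILE="${TMPDIR:-/tmp}/myscript.pid"    # real scripts use /var/run/myscript.pid

# running: exit 0 if the pidfile names a live process
running() {
    [ -f "$PIDFILE" ] && kill -0 "$(cat "$PIDFILE")" 2>/dev/null
}

do_start() {
    if running; then echo "already running"; return 0; fi
    "$DAEMON" $DAEMON_ARGS &
    echo $! > "$PIDFILE"
    echo "started pid $!"
}

do_stop() {
    if ! running; then echo "not running"; return 0; fi
    pid=$(cat "$PIDFILE")
    kill "$pid"
    wait "$pid" 2>/dev/null || true       # reap it if it is our child, so status is accurate
    rm -f "$PIDFILE"
    echo "stopped"
}

do_status() {
    if running; then
        echo "running, pid $(cat "$PIDFILE")"; return 0
    else
        echo "not running"; return 3      # 3 = LSB "program is not running"
    fi
}

dispatch() {
    case "$1" in
        start)   do_start ;;
        stop)    do_stop ;;
        restart) do_stop; do_start ;;
        status)  do_status ;;
        *) echo "Usage: $0 {start|stop|restart|status}" >&2; return 2 ;;
    esac
}

# Dispatch only when invoked with an argument (as init/update-rc.d would),
# so the file can also be sourced to test the functions.
if [ $# -gt 0 ]; then dispatch "$@"; fi
```

With this shape, `update-rc.d myscript defaults` works as intended: the S links call it with start at boot and the K links call it with stop at shutdown, and `service myscript status` returns the LSB exit code.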
Method 3:
Add an Upstart job. Steps: create the file myjob.conf:
sudo vi /etc/init/myjob.conf
with the following content:
```
description "my job"
start on startup
task
exec /path/to/my/script.sh
```
About setuid and setgid
A file has ownership: an owner & a group. A file has attributes: besides rwx there are the setuid & setgid attributes (s), whose meaning differs between executable files and directories.
```
ls -l
drwxr-xr-x 2 root   root 4096 5月 26 01:34 aa
drwxrwsr-x 4 guowei root 4096 5月 26 01:39 bb
# bb: owner guowei, group root. Here s marks the setuid & setgid attribute,
# d marks a directory, rwx is read-write-execute
```
Changing file ownership:
```
sudo chown root ./bb      # change the owner
sudo chown :guowei ./aa   # change the group
ls -l
drwxr-xr-x 2 root guowei 4096 5月 26 01:34 aa
drwxrwsr-x 4 root root   4096 5月 26 01:39 bb   # root root
```
Changing attributes:
Set setuid on an executable file so that other users execute it with the file owner's privileges (or setgid, to execute it with the group's privileges):
```
sudo chmod +s ./myapp    # sets both UID and GID; if the owner (or group) is root,
                         # other users can then run the program as root without sudo
# or
sudo chmod u+s ./myapp   # UID only
```
Set setgid on a directory so that new files and subdirectories created inside it inherit the directory's group rather than the creating user's group:
```
sudo chmod +s ./bb    # set UID & GID
# or
sudo chmod g+s ./bb   # GID only
ls -l
drwxr-xr-x 2 guowei root 4096 5月 26 01:34 aa   # no setgid
drwxrwsr-x 4 guowei root 4096 5月 26 01:39 bb   # setgid
mkdir -p aa/aa2
mkdir -p bb/bb2
ls -l aa
drwxrwxr-x 2 guowei guowei 4096 5月 26 01:58 aa2   # group is guowei
ls -l bb
drwxrwsr-x 2 guowei root   4096 5月 26 01:58 bb2   # group is root, not guowei, and setgid is inherited
```
How can a normal user run a program with root privileges?
1. setuid & setgid on executable files: SUID (Set User ID upon execution). When an executable file has been given the setuid attribute, normal users on the system who have permission to execute this file gain the privileges of the user who owns the file (commonly root) within the created process.
SGID (Set Group ID upon execution) is a special type of file permission given to a file/folder. Normally in Linux/Unix, when a program runs it inherits access permissions from the logged-in user. SGID gives a user temporary permission to run a program/file with the permissions of the file's group, i.e. to become a member of that group in order to execute the file. In simple words, users get the file group's permissions when executing a folder/file/program/command.
SGID is similar to SUID. The difference is that SUID assumes the file owner's permissions and SGID assumes the group's permissions when executing a file, instead of the permissions inherited from the logged-in user.
setuid lets a normal user obtain the same execution privileges as the file's owner (executable programs only; for security reasons bash scripts cannot be setuid, see "Setuid shebang"). If the file's owner is root, the user can run the program without sudo, as follows:
```
sudo chown root ./myapp   # myapp is now owned by root
# chmod accepts ugoa (owner, group, other, all); the default is a (all users)
sudo chmod +s ./myapp     # set user or group ID on execution (s); remove with: chmod -s
```
So, the setuid and setgid bits are normally set with the command chmod by setting the high-order octal digit to 4 for setuid or 2 for setgid. “chmod 6711 file” will set both the setuid and setgid bits (4+2=6), making the file read/write/executable for the owner (7), and executable by the group (first 1) and others (second 1). When a user other than the owner executes the file, the process will run with user and group permissions set upon it by its owner. For example, if the file is owned by user root and group wheel, it will run as root:wheel no matter who executes the file.
2. setuid & setgid on directories:
The setuid and setgid flags, when set on a directory, have an entirely different meaning.
Setting the setgid permission on a directory (“chmod g+s”) causes new files and subdirectories created within it to inherit its group ID, rather than the primary group ID of the user who created the file (the owner ID is never affected, only the group ID). Newly created subdirectories inherit the setgid bit (directories created inside those subdirectories again inherit the same gid). Thus, this enables a shared workspace for a group without the inconvenience of requiring group members to explicitly change their current group before creating new files or directories. Note that setting the setgid permission on a directory only affects the group ID of new files and subdirectories created after the setgid bit is set, and is not applied to existing entities. Setting the setgid bit on existing subdirectories must be done manually, with a command such as the following:
```
root@foo# find /path/to/directory -type d -exec chmod g+s '{}' \;
```
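Two things from the sections above are worth being able to check rather than eyeball: what an octal mode such as 6711 or 2775 means in ls -l terms, and which entries under a directory actually carry setuid/setgid, including the existing subdirectories that the g+s on the parent did not touch. The following is an added example, not from the original post: a POSIX-sh mode decoder, an audit of special bits under a tree, and the post's find-based fix applied to a constructed tree and verified. The temporary tree and its modes are constructed for the demo; it runs as an ordinary user because the directories belong to that user's own group.

```shell
#!/bin/sh
# Added example, not from the original post. Decodes octal modes, audits
# setuid/setgid bits under a directory, and applies the post's g+s fix.

# rwx DIGIT: one permission triplet for a single octal digit
rwx() {
    case "$1" in
        0) echo '---' ;; 1) echo '--x' ;; 2) echo '-w-' ;; 3) echo '-wx' ;;
        4) echo 'r--' ;; 5) echo 'r-x' ;; 6) echo 'rw-' ;; 7) echo 'rwx' ;;
    esac
}

# apply_special TRIPLET CHAR: replace the x slot with CHAR; lower case when the
# execute bit is set (s/t), upper case when it is not (S/T), as ls -l does.
apply_special() {
    case "$1" in
        *x) printf '%s%s\n' "${1%?}" "$2" ;;
        *)  printf '%s%s\n' "${1%?}" "$(printf '%s' "$2" | tr 'a-z' 'A-Z')" ;;
    esac
}

# mode_to_symbolic OCTAL: e.g. 6711 -> rws--s--x, 2775 -> rwxrwsr-x
mode_to_symbolic() {
    m=$1
    while [ ${#m} -lt 4 ]; do m=0$m; done        # pad "755" -> "0755" (as text, not via printf %d)
    sp=$(printf '%s' "$m" | cut -c1)
    u=$(rwx "$(printf '%s' "$m" | cut -c2)")
    g=$(rwx "$(printf '%s' "$m" | cut -c3)")
    o=$(rwx "$(printf '%s' "$m" | cut -c4)")
    if [ $((sp & 4)) -ne 0 ]; then u=$(apply_special "$u" s); fi   # setuid
    if [ $((sp & 2)) -ne 0 ]; then g=$(apply_special "$g" s); fi   # setgid
    if [ $((sp & 1)) -ne 0 ]; then o=$(apply_special "$o" t); fi   # sticky
    printf '%s%s%s\n' "$u" "$g" "$o"
}

# count_special DIR: number of entries under DIR with setuid or setgid set
count_special() {
    find "$1" \( -perm -4000 -o -perm -2000 \) | wc -l | tr -d ' '
}

# dirs_missing_setgid DIR: number of directories under DIR without setgid
dirs_missing_setgid() {
    find "$1" -type d ! -perm -2000 | wc -l | tr -d ' '
}

# setgid_fix_tree DIR: the post's find command, applied to an existing tree
setgid_fix_tree() {
    find "$1" -type d -exec chmod g+s '{}' \;
}

# Constructed demo tree: g+s applied to the top directory only, after the
# subdirectories already existed, plus one setuid file.
DEMO=$(mktemp -d)
mkdir -p "$DEMO/shared/a/b" "$DEMO/shared/c"
chmod g-s "$DEMO/shared/a" "$DEMO/shared/a/b" "$DEMO/shared/c"
chmod g+s "$DEMO/shared"
touch "$DEMO/tool" && chmod 4755 "$DEMO/tool"

for mode in 6711 2775 4644 1777; do
    printf '%s -> %s\n' "$mode" "$(mode_to_symbolic "$mode")"
done
echo "special-bit entries under $DEMO: $(count_special "$DEMO")"
echo "dirs still missing setgid: $(dirs_missing_setgid "$DEMO/shared")"
```

After `setgid_fix_tree "$DEMO/shared"`, dirs_missing_setgid returns 0, which is the check to run after the post's find command on a real shared directory. The same count_special audit, pointed at / with -xdev, is the usual way to review which setuid/setgid binaries a system carries.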
ref link: http://www.linuxnix.com/suid-set-suid-linuxunix/