Semantics of SUID (Set User ID)
It seems that I have some trouble understanding the semantics of the SUID bit, perhaps someone can help me clarify the situation.
My understanding of the semantics of the SUID bit is as follows:
When I set the SUID bit on a file, then the file will be executed as the owner of the file and not as the caller of the file. So to test this behavior I wrote the following python script:
#!/usr/bin/python3 -O
import os

def main():
    print('Real UserID: %d' % os.getuid())
    print('Effective UserID: %d' % os.geteuid())

if __name__ == '__main__':
    main()
After that I created a user named "testuser" with the corresponding group "testuser" and adjusted the file permissions (chown testuser file, chgrp testuser file, chmod u+s,g+x file). Next I added my main user to the "testuser" group so that I can execute the file as a member of the group. After all that the file permissions looked like this:
-rwsr-xr-- 1 testuser testuser 168 2011-04-02 13:35 procred.py*
So when I am logged in as the testuser the script produces the output:
Real UserID: 1001
Effective UserID: 1001
...and when I run the script as my main user the script outputs:
Real UserID: 1000
Effective UserID: 1000
Now, according to my understanding, the script should have run as the user with the uid 1001 (the owner of the file) in the latter execution. Am I getting the whole concept wrong, or where is my mistake?
Comments (3)
Setting the SUID bit on a *.py file does not help in any way here since the script is executed by the Python interpreter which must be set SUID in this case. Using 'sudo' is your better friend here.
Setting SUID does not work for scripts, because the kernel sees the #! (shebang - magic number 0x23 0x21 - man magic) and drops the privileges before calling the interpreter /usr/bin/python with the script as input. A way around is setting the python interpreter SUID root and add functionality to change privileges to the user owning the script before executing the script, in case SUID bit is set. Doing this in a naive way will impose security problems. How to do it in a smart way can be found here: http://perldoc.perl.org/perlsec.html
Additional Links:
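The rule described in the comment above (the setuid bit is honoured for native executables but ignored when the kernel sees a "#!" script header, so the interpreter runs with the caller's identity) can be checked without logging in as different users. The following is an added example, not code from the question or the comments: it models that rule as a pure function and wraps it in a helper that inspects a real file, so a defender can explain why a setuid script does nothing. The file modes and uids used in the sample are constructed from the question's listing.

```python
import os
import stat
from typing import NamedTuple, Optional

SHEBANG = b"#!"  # the 0x23 0x21 magic the comment refers to


class ExecIdentity(NamedTuple):
    real_uid: int
    effective_uid: int
    setuid_honoured: bool
    reason: str


def predict_exec_identity(mode: int, owner_uid: int, header: bytes,
                          caller_uid: int) -> ExecIdentity:
    """Model of how the setuid bit is applied at execve().

    Interpreted scripts never gain the owner's identity: the kernel
    execs the interpreter named after "#!" with the caller's credentials
    and hands it the script as an argument.
    """
    if not mode & stat.S_ISUID:
        return ExecIdentity(caller_uid, caller_uid, False, "no setuid bit set")
    if header.startswith(SHEBANG):
        return ExecIdentity(caller_uid, caller_uid, False,
                            "setuid ignored on #! script; interpreter runs as caller")
    return ExecIdentity(caller_uid, owner_uid, True,
                        "setuid honoured on native executable")


def inspect_file(path: str, caller_uid: Optional[int] = None) -> ExecIdentity:
    """Apply the model to a real file on disk (read-only, nothing is executed)."""
    st = os.stat(path)
    with open(path, "rb") as f:
        header = f.read(len(SHEBANG))
    who = os.getuid() if caller_uid is None else caller_uid
    return predict_exec_identity(st.st_mode, st.st_uid, header, who)


# Constructed sample matching the question: -rwsr-xr-- testuser(1001),
# a python script, run by the main user (1000).
SCRIPT_MODE = stat.S_IFREG | stat.S_ISUID | 0o754
QUESTION_CASE = predict_exec_identity(SCRIPT_MODE, 1001, b"#!/usr/bin/python3 -O\n", 1000)

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else sys.argv[0]
    print(QUESTION_CASE)
    print(inspect_file(target))
```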
I found this link on the web. You can set SUID on this wrapper and use this one.
But personally I prefer the sudo solution. ;)