Does an executable have the same file privileges as the user who ran it?
In Unix, if I run a binary that messes with files, does the binary have the same file privileges as me (the user who ran the binary)?
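In most cases, the answer is yes!
However, this is not the case if you have the setuid or setgid bits enabled on that binary.
A classic example of a binary with setuid enabled:
ls -ltra `which passwd`
That command would not work if, during execution, you (the user who runs the command) were not granted the same privileges as root to modify files such as /etc/password or [=15=
Take a look: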
https://docs.oracle.com/cd/E19683-01/816-4883/secfile-69/index.html
setuid Permission
When set-user identification (setuid) permission is set on an
executable file, a process that runs this file is granted access based
on the owner of the file (usually root), rather than the user who is
running the executable file. This special permission allows a user to
access files and directories that are normally only available to the
owner.
setgid Permission
The set-group identification (setgid) permission is similar to setuid,
except that the process's effective group ID (GID) is changed to the
group owner of the file, and a user is granted access based on
permissions granted to that group. The /usr/bin/mail command has
setgid permissions
If you want to go deeper into how Linux manages processes and subprocesses, you may also want to look at fork and exec.
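The rule quoted above can be modelled in a few lines. This is an added example, not part of the original answer: exec_credentials and audit are hypothetical names, the default paths are assumptions, and the model is simplified (it ignores file capabilities and no_new_privs, and audit does not detect nosuid mounts).

```python
import os
import stat
import sys


def exec_credentials(mode, file_uid, file_gid, caller_uid, caller_gid, nosuid=False):
    """Model the (euid, egid) a process gets after exec of a file with this st_mode.

    Simplified: ignores file capabilities, no_new_privs and interpreter
    scripts (Linux does not honour setuid on '#!' scripts).
    """
    euid, egid = caller_uid, caller_gid
    if nosuid or not stat.S_ISREG(mode):
        return euid, egid          # the bits are ignored on nosuid mounts
    if mode & stat.S_ISUID:
        euid = file_uid            # setuid: run as the file's owner
    # Linux honours setgid only when group-execute is also set
    if mode & stat.S_ISGID and mode & stat.S_IXGRP:
        egid = file_gid            # setgid: run with the file's group
    return euid, egid


def audit(path, caller_uid=None, caller_gid=None):
    """Stat a real file and report whether exec would change credentials."""
    st = os.stat(path)
    uid = os.getuid() if caller_uid is None else caller_uid
    gid = os.getgid() if caller_gid is None else caller_gid
    euid, egid = exec_credentials(st.st_mode, st.st_uid, st.st_gid, uid, gid)
    return {
        "path": path,
        "mode": stat.filemode(st.st_mode),   # same string `ls -l` shows
        "euid": euid,
        "egid": egid,
        "changes_identity": (euid, egid) != (uid, gid),
    }


if __name__ == "__main__":
    # Default targets are assumptions; pass your own paths as arguments.
    for target in sys.argv[1:] or ["/usr/bin/passwd", "/bin/ls"]:
        if os.path.exists(target):
            print(audit(target))
```

A result with changes_identity set to True marks a binary that runs with someone else's file privileges, which is the exception the answer describes.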