Why is setuid not running as the owner?
I am currently trying to understand what the special bits in file permissions do, but I cannot work out what the setuid bit does. Every online resource says:
Commonly noted as SUID, the special permission for the user access level has a single function: A file with SUID always executes as the user who owns the file, regardless of the user passing the command
However, in a simple experiment this does not seem to be true (unless I am misunderstanding something and did it wrong?), i.e.
mkdir /tmp/foo
mkdir /tmp/foo/bar
chmod 0700 /tmp/foo/bar # Restrict directory so only current user can access
echo content > /tmp/foo/bar/baz.txt # Create content in the restricted directory
echo "ls /tmp/foo/bar" > /tmp/foo/myscript.sh # Script to access content of restricted directory
chmod 4777 /tmp/foo/myscript.sh # Set setuid bit so the script runs as current user
/tmp/foo/myscript.sh # Show it works when run as current user
#> baz.txt
su bob # Switch to a new user
/tmp/foo/myscript.sh # Run script again
#> ls: cannot open directory '/tmp/foo/bar': Permission denied
My expectation was that, since the setuid bit is set, the script should execute as the original user and therefore should be allowed to ls the restricted directory. Instead I get a permission denied error, indicating that the script is not running as the original user.
Any help understanding what I am doing wrong would be appreciated. (The example was run on zsh / ubuntu 20.04 / wsl2.)
The suid bit only applies to binary executables, not to shell scripts. You can find more information here: https://unix.stackexchange.com/questions/364/allow-setuid-on-shell-scripts
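Added example, not code from the question or the answer above: a small POSIX shell audit that lists the setuid files under a directory, reports whether Linux will actually honour the bit (it does so only for native ELF executables, never for scripts), and flags files that are world-writable, as the chmod 4777 in the question made the script. It assumes find, od, ls, awk and tr are available.

```shell
#!/bin/sh
# Added example, not from the original post: audit a directory tree for setuid
# files and report whether Linux will honour the bit. The kernel applies setuid
# only when it execs a native ELF image; for a "#!" script it execs the
# interpreter with the caller's own uid, and a file with no shebang is re-run by
# the shell itself, so in both cases the bit is inert.
# Assumes POSIX sh plus find, od, ls, awk and tr (GNU or BSD variants).

# classify_setuid FILE
# Prints one line: FILE<TAB>OWNER<TAB>KIND<TAB>RISK
classify_setuid() {
    f=$1
    owner=$(ls -ld "$f" | awk '{print $3}')
    # Inspect the first four bytes: ELF magic is 7f 45 4c 46, "#!" is 23 21.
    magic=$(od -An -tx1 -N4 "$f" 2>/dev/null | tr -d ' \n')
    case $magic in
        7f454c46) kind="elf-binary (setuid honoured)" ;;
        2321*)    kind="shebang-script (setuid ignored)" ;;
        *)        kind="non-ELF data (setuid ignored; shell fallback runs it as caller)" ;;
    esac
    # A world-writable setuid binary lets any local user replace what runs as
    # the owner; on a script the bit is inert, but 4777 is still a misconfiguration.
    if find "$f" -prune -perm -0002 | grep -q .; then
        risk="world-writable"
    else
        risk="ok"
    fi
    printf '%s\t%s\t%s\t%s\n' "$f" "$owner" "$kind" "$risk"
}

# audit_setuid_tree DIR: one classification line per setuid regular file under DIR.
audit_setuid_tree() {
    find "$1" -type f -perm -4000 2>/dev/null | while IFS= read -r f; do
        classify_setuid "$f"
    done
}

# Usage: audit_setuid_tree /tmp/foo   (or /usr/bin to see the system's real setuid helpers)
if [ $# -gt 0 ]; then
    audit_setuid_tree "$1"
fi
```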