
Can a program adopt the permissions of the user, or is it completely restricted by owner?

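For example, when the root user runs a program in a *nix environment, but the program's owner is a non-root user, can that program perform operations with root privileges?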

The permissions of an application are determined by the user that executed the program.

If it would take the permissions of the owner, the sudo command, for example, would not have any effect. Furthermore, most applications in /bin (or any other system location) are owned by the root user (so one is not able to (easily) modify them), but are still executed with the user's permissions.

Note that if a program has the setuid or setgid bit(s) set, then the application is started with respectively the user and/or group permissions. This allows regular users to perform actions that typically require root permissions without having access to the root account.

To set the setuid bit use:

chmod u+s /path/to/application

Same goes for the setgid bit, but using g+s instead of u+s.

By default the process runs with the ID and privileges of the user that starts it, not with the program owner ID. So if root starts a process from a program owned by an ordinary user, that process will run with ID=0.

As Johnsyweb mentions in the comments, if the program happens to have the setuid bit set, it will be run as the owner. That's what setuid means: set user ID. Typically this is done to allow regular users to run programs such as ping that require superuser permissions.

Note however that Linux for example has a superior mechanism in the form of "Linux Capabilities" where certain select permissions can be granted instead of full setuid.

The user starting the program determines the permissions for that run. If you want a program run with the permissions of another user you can either use su or sudo or set the setuid bit for the program:

chown user program
chmod u+s program

This will force the permissions to be used for user, no matter who runs the program.
