了解setuid和sudo
[英]Understanding setuid and sudo
问题描述
I am trying to understand how sudo works in Linux userland and the Linux kernel. 
我试图了解sudo如何在Linux用户区和Linux内核中运行。 I'm not so much interested in it from a users perspective but I am more interested in understanding it from an implementation/kernel perspective. 从用户的角度来看,我对它并不是那么感兴趣,但我更感兴趣的是从实现/内核的角度来理解它。 (I've debated on putting this on stackexchange vs superuser but I thought here would be the best. Feel free to move it if I made the wrong choice...) (我已经讨论过将它放在stackexchange和超级用户之间,但我认为这将是最好的。如果我做出了错误的选择,请随意移动它...)
So when the kernel is done booting it launches the init process which of course has the uid of 0. This then may launch other processes such as an ssh daemon. 因此,当内核完成引导时,它会启动init进程,该进程当然具有0的uid。然后可以启动其他进程,例如ssh守护进程。 This new process inherits the uid of its parent, eg 0. sshd now also launches child processes, one for each connection. 这个新进程继承了其父进程的uid,例如0. sshd现在也启动子进程,每个进程一个。 Authentication of the user attempting to login is then done, whether that be via the passwd file, shadow file, pam, etc. Once sshd has authenticated a user through whichever method it uses, it does a call to setuid/seteuid to change the processes uid. 然后完成对尝试登录的用户的身份验证,无论是通过passwd文件,影子文件,pam等。一旦sshd通过它使用的任何方法对用户进行了身份验证,它就会调用setuid / seteuid来更改进程UID。 Now my understanding is a program can only go from root to another user and not from user x to root or user x to user y (is that correct?) (with the setuid call?) 现在我的理解是一个程序只能从root到另一个用户而不是从用户x到root或者用户x到用户y(这是正确的吗?)(使用setuid调用?)
Therefore in this regards the kernel really only knows about a uid which is assigned to files, processes, etc. The authentication into a user account is controlled in userland and secure by only allowing a root program to drop into an non-root program. 因此,在这方面,内核实际上只知道分配给文件,进程等的uid。用户帐户中的身份验证在用户空间中受到控制,并且通过仅允许根程序进入非根程序来保护。
So my question is, if the above is correct how does sudo work. 所以我的问题是,如果以上是正确的,那么sudo是如何工作的。 How does my terminal which is currently running my non-root account temporary switch to root permissions? 当前运行我的非root帐户的终端如何临时切换到root权限? Does it interact with a sudo process? 它是否与sudo进程交互? If the above is wrong, even a little I would love to know where I am wrong. 如果以上是错误的,即使是一点点,我也想知道我错在哪里。
1 个解决方案
解决方案1
8 已采纳 2013-03-14 03:09:28
If you take a look at the sudo binary you will see it has the setuid permission bit set on the executable. 如果您查看sudo二进制文件,您将看到它在可执行文件上设置了setuid权限位。 This indicates to the kernel that it should always be executed with the uid of the owner of the executable file, in the case of sudo that is root. 这向内核指示应该始终使用可执行文件的所有者的uid执行,如果是sudo,则为root。 Once sudo is running as root it can do the necessary authentication and a setuid-syscall before the fork/exec. 一旦sudo以root身份运行,它就可以在fork / exec之前进行必要的身份验证和setuid-syscall。
---s--x--x. 2 root root 219272 Jul 17 2012 /usr/bin/sudo
If you note the 's' and the owner you will see what I mean. 如果您注意到's'和所有者,您将看到我的意思。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.