
Executable with set-user-ID-on-execution option doesn't set effective uid

Here is a program which shows euid:

$ cat main.c
#include <stdio.h>
#include <unistd.h>

int main(int argc, char** argv) {
  printf("euid: %d\n", geteuid());
  return 0;
}
$ gcc main.c -o main
$ ls -l main
-rwxr-xr-x 1 scdmb scdmb 6425 Mar 30 14:07 main

Let's set the set-user-ID-on-execution option:

$ chmod u+s main
$ ls -l main
-rwsr-xr-x 1 scdmb scdmb 6425 Mar 30 14:07 main

The program executed as user scdmb shows the right euid:

$ ./main
euid: 1000
$ id -u scdmb
1000

Let's execute the program as another user:

$ id -u jakisuser
1001
$ su jakisuser
Password:

Now the euid is the same as the uid of user jakisuser:

$ ./main
euid: 1001

Why doesn't the set-user-ID-on-execution option make the effective user ID 1000 (the file owner) the second time, instead of 1001 (the user who executes the program)? Shouldn't it be the same as the owner of the file main?

I've just tried this here and your program works perfectly.

What I suspect is happening is that you have AppArmor or SELinux or something else in the way which is preventing your SUID bit from taking effect. I suggest you disable those and try again.
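A diagnostic for the situation in this thread, added here as an example and not part of the original question or answer: on Linux the kernel also ignores the set-user-ID bit when the file sits on a filesystem mounted nosuid or when the process has no_new_privs set, two conditions the answer does not name. The names suid_blockers, check_suid and the flag constants are made up for this example; it does not inspect AppArmor or SELinux policy.

```c
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/statvfs.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical flag names: reasons a set-user-ID bit would have no effect. */
enum { NO_SUID_BIT = 1, NOSUID_MOUNT = 2, NO_NEW_PRIVS = 4, STAT_FAILED = 8 };

/* Pure decision logic, kept separate so it can be checked without a filesystem. */
int suid_blockers(mode_t mode, unsigned long mount_flags, int no_new_privs) {
  int why = 0;
  if (!(mode & S_ISUID)) why |= NO_SUID_BIT;         /* chmod u+s never applied */
  if (mount_flags & ST_NOSUID) why |= NOSUID_MOUNT;  /* mount option nosuid */
  if (no_new_privs > 0) why |= NO_NEW_PRIVS;         /* -1 means unsupported kernel */
  return why;
}

/* Collect the real values for `path` and for the calling process. */
int check_suid(const char *path) {
  struct stat st;
  struct statvfs vfs;
  if (stat(path, &st) != 0 || statvfs(path, &vfs) != 0) return STAT_FAILED;
  /* no_new_privs is inherited across fork and exec, so the caller's value applies. */
  int nnp = prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
  return suid_blockers(st.st_mode, vfs.f_flag, nnp);
}

int main(int argc, char **argv) {
  /* Without an argument, examine this binary itself (Linux-specific path). */
  const char *path = argc > 1 ? argv[1] : "/proc/self/exe";
  int why = check_suid(path);
  if (why & STAT_FAILED) { perror(path); return 2; }
  printf("ruid: %d euid: %d\n", (int)getuid(), (int)geteuid());
  if (why & NO_SUID_BIT) puts("set-user-ID bit is not set on the file");
  if (why & NOSUID_MOUNT) puts("filesystem is mounted nosuid");
  if (why & NO_NEW_PRIVS) puts("process has no_new_privs set");
  if (!why) puts("no blocker found by these checks");
  return why ? 1 : 0;
}
```

Run it as the second user with the path of the set-user-ID binary as its argument, from the same shell where the unexpected euid was seen.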
