
setgid does not work on /tmp/

I have this C program:

#include <sys/stat.h>
#include <stdlib.h>

int main(void) {
    if (chmod("/tmp/foo", 0755 | S_ISGID) < 0) {
        exit(1);
    }
    exit(0);
}

When I run it like this:

rm -f /tmp/foo &&
touch /tmp/foo &&
./a.out &&
ls -al /tmp/foo

a.out runs with exit code 0 but the output is:

-rwxr-xr-x  1 philipp  wheel  0 Mar 16 06:58 /tmp/foo

Why is the groupid flag not set here? The permissions should be -rwxr-sr-x.

The following things would fix the issue (but I still wonder why I see this effect):

  • running the program as root
  • running it in a different directory
  • running it on Linux
  • setting the set-user-id (S_ISUID)
  • I can swear it worked in an earlier version of OSX

What I tried but didn't work:

  • chmod g+s /tmp/foo also doesn't work
  • disabling csrutil did not change anything
  • altering the permissions on /tmp/ to something different, e.g. 0777 or 4777

So the question remains: what does make /tmp/ different from the other directories if it's not the permissions? The only difference I could see is:

ls -al /

showed tmp as this:

lrwxr-xr-x@   1 root  wheel     11 Dec 11 19:28 tmp -> private/tmp

The @ sign at the end shows that there are some non-unix properties set on the directory. Querying those with ls -l@ /tmp shows:

lrwxr-xr-x@ 1 root  wheel  11 Dec 11 19:28 /tmp -> private/tmp
    com.apple.FinderInfo    32
    com.apple.rootless       0

Update: According to comment feedback and a downvote I figured the question is confusing, so I totally revised the question and the title. During revision I found out that I wrongly compared the effects of my program against chmod u+s, which was wrong; I need to compare against chmod g+s. I also corrected this in my question.

The chmod() system call sets the permissions on a file to only the value you provide. This means that setting permissions to S_IRUSR | S_ISGID clears all other permissions, including user write and execute.

What you probably want is:

chmod("/tmp/foo", 0755 | S_ISGID);

(0755 being the octal mode for user read+write+execute and group/other read+execute -- it's a lot less typing than the equivalent constants.)

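Notice: the technical posts on this site follow the CC BY-SA 4.0 license. If you need to repost, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.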

 