I've been trying to wrap my head around how setuid/setgid work... I came up with this contrived example:
Users:
File a.txt is owned by userA with permissions rw-rw----
(660). I thought if userA created this file, test.sh:
#!/bin/sh
cat a.txt
and ran either chmod g+s test.sh
or chmod u+s test.sh
that upon execution by userB, it would cat a.txt. Instead, I get Permission Denied
. Just to be clear, the file permissions for test.sh end up looking like this: rwsr-xr-x
or rwxr-sr-x
. I thought the whole point of setuid/setgid was that when other users executed the file, they would assume the user id or group id of the file (test.sh in this case). Am I doing something wrong, or is my understanding off?
I've been running my test on RedHat in case that matters. I've also tried playing with umask
, attempting to run the setuid/setgid after running umask 0002
. Didn't help...
WARNING: Setuid and setgid shell scripts are a security hole. There are lots of ways for someone to cause a setuid/setgid to do things that you (the author) didn't intend.
A common trick is to monkey with the environment variables. For example, someone could do this:
ln -s cat /bin/rm
export PATH=.:${PATH}
then use your setuid script to delete the a.txt
file.
Fortunately, the setuid and setgid bits are ignored for shell scripts on many modern Linux systems; see https://unix.stackexchange.com/questions/364/allow-setuid-on-shell-scripts . Some of the answers give workarounds ...
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.