When a setuid program is run, are the permission bits for the owner technically rwx?
I was thinking that the first three permission bits were for the owner, but thinking on it more, if they were ---, this wouldn't make sense as a setUID program.
My understanding is the first three bits are for the user (i.e. the one currently logged in). Is this correct?
When a setuid program is run, are the permission bits for the owner technically rwx?
No.
When a setuid program is run, then (from chmod):
Executable files with this bit set will run with effective uid set to the uid of the file owner.
Nothing more, nothing less. The first three permission bits are for the owner, as you say. And yes, if the user did not have execute permission, that wouldn't make sense (and it wouldn't be an "executable file").
Is there a specific case you have in mind that you're having trouble testing?
You can do this; it will run the program with the effective uid of the owner.
However, it just won't work as you expect for setuid root binaries invoked by root. This is because root doesn't honor permission bits on executables in the way that other users do. When root runs a program it will execute if any of user, group or other executable permissions are present. Given it can execute the file, it will honor the user-setuid bit (but root defaults to effective uid of 0 so it's redundant):
Here are two examples:
root (which shows you can't prevent root from executing the program):
$ cp /usr/bin/id .
$ sudo chown root ./id
$ sudo chmod u-rwx ./id
$ sudo ./id
uid=0(root) gid=0(root) groups=0(root)
$ sudo chmod u+s ./id
$ ls -l ./id
---Sr-xr-x 1 2 root tinkerer Dec 5 07:25 ./id
$ ./id -u
0
$ sudo ./id -u
0
bin (which shows it works exactly as you expect):
$ cp /usr/bin/id .
$ sudo chown bin ./id
$ sudo chmod u-rwx ./id
$ sudo -u bin ./id
sudo: unable to execute ./id: Permission denied
$ sudo chmod u+s ./id
$ ls -l ./id
---Sr-xr-x 1 2 bin tinkerer Dec 5 07:30 ./id
$ ./id -u
2
$ sudo ./id -u
2
$ sudo -u bin ./id
sudo: unable to execute ./id: Permission denied
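The rule described in the answer above, as an added example that is not part of the original answers: a simplified Python model of the execute-permission check and the setuid effect, using the mode ---Sr-xr-x from the transcripts. The uid/gid 1000 for tinkerer and the gid for bin are assumed values, and ACLs, nosuid mounts and similar restrictions are ignored.

```python
import stat

# uid 0 and 2 match the transcripts; tinkerer's ids and bin's gid are assumed.
ROOT, BIN, TINKERER, TINKERER_GID = 0, 2, 1000, 1000
MODE = 0o4055  # setuid bit, no owner bits, r-x for group and other


def can_execute(mode, file_uid, file_gid, uid, gids):
    """Simplified classic Unix check for executing a regular file."""
    if uid == 0:
        # root may execute when ANY of the three execute bits is set.
        return bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
    if uid == file_uid:
        # Owner class only: no fall-through to the group/other bits.
        return bool(mode & stat.S_IXUSR)
    if file_gid in gids:
        return bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH)


def euid_after_exec(mode, file_uid, file_gid, uid, gids):
    """Effective uid of the new process, or None if exec is denied."""
    if not can_execute(mode, file_uid, file_gid, uid, gids):
        return None
    # The setuid bit swaps in the file owner's uid, nothing more.
    return file_uid if mode & stat.S_ISUID else uid


def ls_mode(mode):
    """Mode string as ls -l prints it; 'S' means setuid without owner x."""
    return stat.filemode(stat.S_IFREG | mode)


if __name__ == "__main__":
    callers = {"tinkerer": (TINKERER, {TINKERER_GID}),
               "root": (ROOT, {0}),
               "bin": (BIN, {2})}
    for owner_name, owner in (("root", ROOT), ("bin", BIN)):
        for name, (uid, gids) in callers.items():
            euid = euid_after_exec(MODE, owner, TINKERER_GID, uid, gids)
            result = "Permission denied" if euid is None else f"euid={euid}"
            print(f"{ls_mode(MODE)} owner={owner_name} caller={name}: {result}")
```
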