stackoom
  简体   繁体   中英

Can owner technically run setuid and not be able to execute program?

 原文  2021-10-18 17:28:52       unix/ setuid

Question

When a setuid program is run, are the permission bits for the owner technically rwx ?

I was thinking that the first three permission bits were for the owner but thinking on it more if they were --- , this wouldn't make sense as a setUID program.

My understanding is the first three bits are for the user (ie the one currently logged in). Is this correct?

2 answers

solution1
 0  2021-10-18 19:19:49

When a setuid program is run, are the permission bits for the owner technically rwx?

No.

When a setuid program is run, then (from chmod):

Executable files with this bit set will run with effective uid set to the uid of the file owner.

Nothing more, nothing less. The first three permission bits are for the owner, as you say. And yes, if the user did not have execute permission, that wouldn't make sense (and it wouldn't be an "executable file").

Is there a specific case you have in mind that you're having trouble testing?

solution2
 0  2021-12-05 16:18:28

You can do this, it will run the program with the effective uid of the owner.

However, it just won't work as you expect for setuid root binaries invoked by root . This is because root doesn't honor permission bits on executables in the way that other users do. When root runs a program it will execute if any of user, group or other executable permissions are present. Given it can execute the file, it will honor the user-setuid bit (but root defaults to effective uid of 0 so its redundant):

Here are two examples:

  • setuid root (which shows you can't prevent root from executing the program): 
$ cp /usr/bin/id .
$ sudo chown root ./id
$ sudo chmod u-rwx ./id
$ sudo ./id
uid=0(root) gid=0(root) groups=0(root)
$ sudo chmod u+s ./id
$ ls -l ./id
---Sr-xr-x 1 2 root tinkerer Dec  5 07:25 ./id
$ ./id -u
0
$ sudo ./id -u
0
  • setuid bin (which shows it works exactly as you expect): 
$ cp /usr/bin/id .
$ sudo chown bin ./id
$ sudo chmod u-rwx ./id
$ sudo -u bin ./id
sudo: unable to execute ./id: Permission denied
$ sudo chmod u+s ./id
$ ls -l ./id
---Sr-xr-x 1 2 bin tinkerer Dec  5 07:30 ./id
$ ./id -u
2
$ sudo ./id -u
2
$ sudo -u bin ./id
sudo: unable to execute ./id: Permission denied

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question setuid bit on, yet program can't open a superuser file Program can't load after setting the setuid bit on How to let a program can be run by a specific user with owner's privilege on linux Does setuid set the effective uid to root, or the owner's uid? bash does not get root permissions with setuid program Can i setuid for perl script? Why do I need setuid(0) within a setuid-root C program that calls an administrative program with system()? Can a program adopt the permissions of the user, or is it completely restricted by owner? Not able run the script based on the results of java program can any user change uid/gid using setuid()/setgid?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM