- 論壇徽章:
- 0
|
在linux中每個(gè)進(jìn)程有三個(gè)[實(shí)際上有第4個(gè)]用戶標(biāo)識(shí)符.
real uid : 真實(shí)用戶ID.
saved uid : 已保存用戶ID
effective uid : 有效用戶ID
真實(shí)用戶ID(real uid)是login時(shí)的用戶.而在運(yùn)行過程中,
用于所有的安全檢查的是有效用戶ID(effective uid).
一般情況下:
real uid = saved uid = effective uid
在某些場(chǎng)合下,使用用setuid,setruid函數(shù)可以改變effective uid,從而
使得程序運(yùn)行時(shí)具有特殊的權(quán)限.常見的例子是linux系統(tǒng)中的passwd命令,
由于所有的用戶信息包括用戶密碼都保存在/etc/passwd文件中,而/etc/passwd
文件只有root權(quán)限可以讀寫,若想讓每個(gè)用戶都只可以修改自己的密碼,就必須
讓普通用戶暫時(shí)獲得有限的讀寫/etc/passwd的權(quán)限.用setuid就可以解決這個(gè)
問題.
Linux setuid(uid)函數(shù):
(1)如果由普通用戶調(diào)用,將當(dāng)前進(jìn)程的有效ID設(shè)置為uid.
(2)如果由有效用戶ID符為0的進(jìn)程調(diào)用,則將真實(shí),有效和已保存用戶ID都設(shè)
置為uid.
Linux的setuid函數(shù)和Unix中的setuid函數(shù)的行為是不同的.
Unix中.setuid(uid)函數(shù)的行為:
(1)如果進(jìn)程沒有超級(jí)用戶特權(quán),且uid等于實(shí)際用戶ID或已保存用戶ID,則只
將有效的用戶ID設(shè)置為uid.否則返回錯(cuò)誤.
(2)如果進(jìn)程是有超級(jí)用戶特權(quán),則將真實(shí),有效和
已保存用戶表示符都設(shè)置為uid.
這里主要的區(qū)別在于普通用戶調(diào)用時(shí)的行為.產(chǎn)生這個(gè)問題的原因是POSIX和
BSD的實(shí)現(xiàn)差異,而linux卻同時(shí)支持這兩者.BSD中使用
setreuid(uid_t ruid, uid_t euid)
來設(shè)定真實(shí)用戶ID(real uid)和有效用戶ID(effective uid).這個(gè)函數(shù)在由有效
用戶ID符為0的進(jìn)程調(diào)用時(shí),不會(huì)改變已保存用戶ID.函數(shù)seteuid(uid_t uid)等價(jià)
于setreuid(-1,uid),只改變有效用戶ID(effective uid).
例子:
使用setuid或是setruid,讓非root用戶也可以讀取只有root用戶有讀寫權(quán)限的
文件.
#假設(shè)此程序名為:setuid_ex
#要讀取的文件為:root_only.txt 我修改改寫了一個(gè)c語言版本:
view plain
copy to clipboard
print
?
/* * linux setuid example * */ #include #include #include void test_read_file(const char *name) { int fd = -1; fd = open(name, O_RDWR); if(fd { printf("=[ERROR]:read failed.\n"); } else { printf("=[OK]: read fuccessful\n"); close(fd); } } //打印uid和euid. void p_states(void) { int uid = 0; int euid = 0; printf("-----Current states--------------------------\n"); printf("real uid\t %d\n",getuid()); printf("effective uid\t %d\n",geteuid()); printf("---------------------------------------------\n"); } //調(diào)用setuid void run_setuid_fun(int uid) { if(setuid(uid) == -1) { printf("=[ERROR]:setuid(%d) error\n", uid); } p_states(); } //調(diào)用seteuid void run_seteuid_fun(int uid) { if(seteuid(uid)== -1) { printf("=[ERROR]:seteuid(%d) error\n", uid); } p_states(); } int main() { int t_re = 0; const char *file = "root_only.txt"; printf("\nTEST 1:\n"); p_states(); //此時(shí)real uid = login user id //effective uid = root //saved uid = root test_read_file(file); printf("\nTEST 2:seteuid(getuid())\n"); run_seteuid_fun(getuid()); //[2]此時(shí) real uid= login user id // effective uid = login user id // saved uid = root test_read_file(file); printf("\nTEST 3:seteuid(0)\n"); run_seteuid_fun(0); //read uid = lonin user id //effective uid = root //saved uid = root test_read_file(file); printf("\nTEST 4:setuid(0)\n"); run_setuid_fun(0); //real uid = root //effective uid = root //saved uid= root test_read_file(file); printf("\nTEST 5 setuid(503)\n"); run_setuid_fun(503); //real uid = login user id //effective id = login user id //saved uid = login user id test_read_file(file); printf("\nTEST 6:seruid(0)\n"); //read uid = login user id //effective uid = login user id //saved uid = login user id run_setuid_fun(0); test_read_file(file); return 0; } makefile 需要在root權(quán)限下編譯��,在用戶權(quán)限進(jìn)行執(zhí)行�。
view plain
copy to clipboard
print
?
src=setuid_ex.c exe=setuid_ex cc=gcc flags=-g all: ${cc} ${flags} $(src) -o ${exe} chown root:root ${exe} ### 實(shí)際上chmod 4111改變了effective id 和saved uid的值. ### 這也是setuid setruid函數(shù)在不同權(quán)限間正常切換的前提. chmod 4111 ${exe}
本文來自ChinaUnix博客,如果查看原文請(qǐng)點(diǎn):http://blog.chinaunix.net/u2/72255/showart_2161592.html |
|
免費(fèi)注冊(cè)
發(fā)表于 2010-01-26 21:08