bash: SUID does not work with shell scripts

Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverFlow original URL: http://stackoverflow.com/questions/18698976/

Time: 2020-09-18 06:30:34  Source: igfitidea

SUID not working with shell script

linux bash shell suid

Asked by Sachin Gupta

I have created a small shell script with the following content:

cat /usr/bin/checksuid.sh

#!/bin/bash
echo "Hello" > /etc/myfile.cnf

ls -l /usr/bin/checksuid.sh
-rwsr-xr-x 1 root root 56 Sep  9 12:56 /usr/bin/checksuid.sh

I have also created a file /etc/myfile.cnf with the root account and set permissions as below:

-rw-r--r-- 1 root root 6 Sep  9 12:26 /etc/myfile.cnf

When I execute /usr/bin/checksuid.sh from a non-root account, I get the following error:

/usr/bin/checksuid.sh: line 3: /etc/myfile.cnf: Permission denied

Can someone help explain why SUID is not working?

Answered by Douglas Leeder

Answered by Sk606

From http://www.tuxation.com/setuid-on-shell-scripts.html:

"the truth is actually that the setuid bit is disabled on a lot of *nix implementations due the massive security holes it incurs"

An alternative approach - wrap the script in something that can use setuid, like this example C program. There are obviously differences between simply calling your script and using a wrapper like this (e.g. ignored exit codes), but this should give you an idea anyway.

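#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

int main(void)
{
   /* Become root; this only succeeds when the binary is owned by root
      and has the setuid bit set. */
   if (setuid(0) != 0) {
      perror("setuid");
      return 1;
   }

   /* system() runs the script through /bin/sh with the caller's
      environment; the script's exit status is ignored here. */
   system("/path/to/script.sh");

   return 0;
}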
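
A variation on the wrapper above, as an added example that is not part of the original answer: it replaces system() with fork()/execve() and a fixed environment, so the caller's PATH and other variables never reach the script running as root, and it passes the script's exit status through. SCRIPT is the same placeholder path as above; run_clean and CLEAN_ENV are names chosen for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define SCRIPT "/path/to/script.sh"   /* placeholder path, as in the answer */

/* Fixed environment handed to the child: nothing set by the caller
 * (PATH, BASH_ENV, LD_PRELOAD, ...) is inherited. */
static char *const CLEAN_ENV[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };

/* Execute argv[0] directly with execve(), so no shell parses a command
 * string. Returns the child's exit status, 127 if the exec failed, or
 * -1 if the child could not be started or was killed by a signal. */
int run_clean(char *const argv[])
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(argv[0], argv, CLEAN_ENV);
        _exit(127);                    /* only reached when execve() fails */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Fixed argument vector: the caller's own arguments are not forwarded. */
    char *const argv[] = { SCRIPT, NULL };
    int rc;

    /* Sets real, effective and saved UID to 0; fails unless the binary
     * is owned by root and has the setuid bit set. */
    if (setuid(0) != 0) {
        perror("setuid");
        return EXIT_FAILURE;
    }
    rc = run_clean(argv);
    return rc < 0 ? EXIT_FAILURE : rc;
}
```

Install the compiled binary owned by root with mode 4755, and keep the script itself writable only by root.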