Setuid & Setgid

Source: Internet
Author: User

"Setuid & Setgid"

1. What setuid and setgid do

The setuid and setgid bits let an ordinary user run a program with the privileges of the file's owner (or owning group); in practice this is how a normal user can perform certain operations that only root could otherwise perform. For example, a normal user runs the passwd command to change their own password. What passwd ultimately changes is the /etc/passwd file, and we know /etc/passwd is the user account database, which only root can modify:

[root@localhost ~]# ls -l /etc/passwd
-rw-r--r-- 1 root root 2379 04-21 13:18 /etc/passwd

As an ordinary user, editing /etc/passwd directly to change your password is clearly not possible. Can it still be changed through a command? The answer is yes: an ordinary user can change their own password with passwd, thanks to the permissions set on the passwd command. Let's take a look:

[root@localhost ~]# ls -l /usr/bin/passwd
-r-s--x--x 1 root root 21944 02-12 16:15 /usr/bin/passwd

Because the /usr/bin/passwd file has the setuid permission bit set (the s in r-s--x--x), an ordinary user running it temporarily becomes root for the duration of the command, indirectly modifies /etc/passwd, and so is able to change their own password.

2. Examples of applying setuid and setgid

Suppose we want an ordinary user, beinan, to have root's ability to delete files with rm. Apart from temporarily switching to the root identity with su or sudo, what else can we do?

[root@localhost ~]# cd /home    Note: enter the /home directory
[root@localhost home]# touch beinantest.txt    Note: create a file
[root@localhost home]# ls -l beinantest.txt    Note: view the file's attributes
-rw-r--r-- 1 root root 0 04-24 18:03 beinantest.txt    Note: the file's attributes
[root@localhost home]# su beinan    Note: switch to the ordinary user beinan
[beinan@localhost home]$ rm -rf beinantest.txt    Note: try to delete beinantest.txt as the ordinary user
rm: unable to delete beinantest.txt: Insufficient permissions

So how can we give the ordinary user beinan root's ability to delete with rm?

[root@localhost ~]# ls -l /bin/rm
-rwxr-xr-x 1 root root 93876 02-11 14:43 /bin/rm
[root@localhost ~]# chmod 4755 /bin/rm    Note: set rm's permissions to 4755, which sets the setuid bit
[root@localhost ~]# ls -l /bin/rm
-rwsr-xr-x 1 root root 43980 02-11 14:43 /bin/rm
[root@localhost ~]# cd /home/
[root@localhost home]# su beinan    Note: switch to the beinan user identity
[beinan@localhost home]$ ls -l beinantest.txt    Note: view the file's attributes
-rw-r--r-- 1 root root 0 04-24 18:03 beinantest.txt    Note: the file's attributes
[beinan@localhost home]$ rm -rf beinantest.txt    Note: delete beinantest.txt; this time it succeeds

We only set the setuid bit on rm, yet the ordinary user now has root's deletion power whenever they run rm. Keep in mind that this is a demonstration only: with the bit set, every user on the system can delete any file, so restore the original permissions (chmod 755 /bin/rm) once the point is understood.

With this example we should understand what the setuid and setgid bits are for: as said earlier, they let ordinary users go beyond their own capabilities and execute commands that only root could otherwise execute. To see how this differs from su and sudo, see the documentation on su and sudo: Control of super-permissions in Linux systems.

3. How to set setuid and setgid

The first method: the octal method

The setuid bit is set with octal 4000 and the setgid bit occupies octal 2000. For example, the chmod 4755 /bin/rm shown earlier sets the setuid bit.

So to set setuid, simply put one more digit, 4, in front of the three-digit octal permission value we normally pass to chmod for a file or directory. For example:

[root@localhost ~]# chmod 4755 /bin/rm    Note: set rm's permissions to 4755, which sets the setuid bit

Since the setgid bit occupies octal 2000, let's look at an example:

[root@localhost ~]# cd /home/
[root@localhost home]# mkdir slackdir
[root@localhost home]# ls -ld slackdir/
drwxr-xr-x 2 root root 4096 04-24 18:25 slackdir/
[root@localhost home]# chmod 2755 slackdir/
[root@localhost home]# ls -ld slackdir/
drwxr-sr-x 2 root root 4096 04-24 18:25 slackdir/

Look at the slackdir directory: after the permission change, the three permission bits for the owning group read r-s. A lowercase s tells us that the group already had execute permission (x), because we used 2755: the owner gets read, write and execute, the group gets read and execute, and the setgid bit is set, so the group's original r-x becomes r-s, with the x turned into an s. If the owning group did not have execute permission, this position would instead show an uppercase S. The difference between uppercase S and lowercase s is shown in the following example:

[root@localhost home]# chmod 2740 slackdir/
[root@localhost home]# ls -ld slackdir/
drwxr-S--- 2 root root 4096 04-24 18:25 slackdir/

In this example the group that slackdir belongs to has no execute permission, so the execute position would normally show -; because the setgid bit is set, it shows an uppercase S instead.

What do we run if we want a file whose owner has read, write and execute, whose group and other users have read and execute, and which has both the setuid and setgid bits set at the same time?

[root@localhost ~]# touch gooddoc.txt
[root@localhost ~]# ls -l gooddoc.txt
-rw-r--r-- 1 root root 0 04-24 18:47 gooddoc.txt
[root@localhost ~]# chmod 6755 gooddoc.txt
[root@localhost ~]# ls -l gooddoc.txt
-rwsr-sr-x 1 root root 0 04-24 18:47 gooddoc.txt

So to set setuid and setgid at the same time, add the two octal values together (4000 + 2000 = 6000), then append the three-digit permission value of the file or directory (755 in the example above), and apply the result with chmod; that is why the example above uses 6755.

The second method: symbolic (mnemonic) syntax

We can also use chmod's symbolic syntax: u+s adds the setuid bit and u-s removes it; likewise, g+s and g-s add or remove the setgid bit.

[root@localhost ~]# touch mydoc.txt    Note: create a file
[root@localhost ~]# ls -l mydoc.txt
-rw-r--r-- 1 root root 0 04-24 19:00 mydoc.txt
[root@localhost ~]# chmod u+s mydoc.txt
[root@localhost ~]# ls -l mydoc.txt
-rwsr--r-- 1 root root 0 04-24 19:00 mydoc.txt
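The following script is an added example, not code from the original article. It exercises both the octal and the symbolic chmod forms from section 3 on throwaway files, decodes the s/S column the way ls -l prints it (including the uppercase S case from the chmod 2740 example), and gives the audit check a defender would run after the setuid rm demonstration in section 2. It assumes POSIX sh with ls, find and mktemp; every path it touches is temporary.

```shell
#!/bin/sh
# Added example, not code from the original article. Exercises the octal and
# symbolic chmod forms on throwaway files, decodes the s/S column the way
# ls -l prints it, and audits a tree for setuid/setgid files. Assumes POSIX sh,
# ls, find and mktemp; everything it touches is a temporary file or directory.
set -eu

# First field of ls -ld, trimmed to the 10 mode characters (drops ACL/SELinux
# markers such as "+" or "." that some systems append).
mode_string() {
    ls -ld "$1" | cut -d' ' -f1 | cut -c1-10
}

# Name one execute column: s = set-id bit plus execute, S = set-id bit without
# execute (the uppercase case from the chmod 2740 example), x = execute only.
bit_name() {
    case $1 in
        s) echo "set+exec" ;;
        S) echo "set-noexec" ;;
        x) echo "exec" ;;
        *) echo "none" ;;
    esac
}

# Decode columns 4 (owner execute) and 7 (group execute) of a mode string.
decode_setid() {
    u=$(printf '%s' "$1" | cut -c4)
    g=$(printf '%s' "$1" | cut -c7)
    printf 'setuid=%s setgid=%s\n' "$(bit_name "$u")" "$(bit_name "$g")"
}

# Give a fresh temp file a base octal mode, apply a second chmod argument
# (octal or symbolic) and return the resulting mode string.
mode_after_chmod() {
    f=$(mktemp)
    chmod "$1" "$f"
    chmod "$2" "$f"
    mode_string "$f"
    rm -f "$f"
}

# Defender's check: list every setuid or setgid regular file under a directory.
# Run against / on a real host and diff against a known-good baseline; an
# unexpected entry such as the setuid /bin/rm from section 2 is a finding.
audit_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -exec ls -ld {} \;
}
```

Running mode_after_chmod 640 g+s shows the uppercase S appearing whenever the set-id bit lands on a column that has no execute permission, whichever of the two notations was used.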

We can also use the file command to view the setuid and setgid bits; of course, file also shows the type of the file.

For example:

[root@localhost ~]# file /usr/bin/passwd
