When the setuid permission is set on an executable file, the process running the file is granted access permissions based on the file's owner, not on the user who is running the executable. With this special permission, users can access files and directories that are generally accessible only by the owner.
You can use chmod u+s or chmod g+s to set the setuid or setgid bit on a binary executable file, which determines the EUID or EGID of the process that runs it. Setuid only applies to binary executables.
1. UID and EUID of a process
From: http://bbs.linuxpk.com/thread-39597-1-1.html
In Linux, each process has two IDs: the user ID (UID) and the effective user ID (EUID). The UID generally indicates the creator of the process (which user created it), while the EUID indicates the process's access permissions to files and resources (which user's permissions it has). In C, you can use the getuid() and geteuid() functions to obtain these two ID values for a process.
When a user logs on to the system, the system sets both the UID and the EUID to the uid recorded in the /etc/passwd file. Generally the two IDs are the same; however, in some cases they differ.
The same is true for GID and EGID.
The following C code illustrates the difference: "printid.c"
#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

int main(void)
{
    /* Real IDs: who started the process. Effective IDs: whose permissions it has. */
    printf("Real uid\t= %d\n", (int)getuid());
    printf("Effective uid\t= %d\n", (int)geteuid());
    printf("Real gid\t= %d\n", (int)getgid());
    printf("Effective gid\t= %d\n", (int)getegid());
    return EXIT_SUCCESS;
}
Compile:
aguo@linux-x9rc:~> gcc -o printid printid.c
Run:
aguo@linux-x9rc:~> ./printid
Real uid = 1000
Effective uid = 1000
Real gid = 100
Effective gid = 100
Check the UID and GID in /etc/passwd:
aguo@linux-x9rc:~> cat /etc/passwd | grep aguo | awk -F ":" '{print "uid:" $3 "\tgid:" $4}'
uid:1000 gid:100
The above is an example in which the two IDs are the same.
The following example shows the difference between UID and EUID.
First, modify the file's attributes to set setuid or setgid.
aguo@linux-x9rc:~> chmod u+s printid # the file now runs with the permissions of the file's owner
You can also add one more:
aguo@linux-x9rc:~> chmod g+s printid # the file now runs with the permissions of the file's group
Next, switch to another user and run it again; for example, switch to root:
linux-x9rc:/home/aguo # ./printid
Real uid = 0
Effective uid = 1000
Real gid = 0
Effective gid = 100
See it? UID and EUID are different!
The preceding demo environment:
OS: SuSE Desktop Linux 11
GCC: 4.3.2
By the way:
In Perl, the special variables $< and $> hold the UID and EUID; $( and $) hold the GID and EGID.
However, $( and $) store a list, of which the GID and EGID are the first elements. Perl settings are not discussed in this article.
2. passwd example
From: http://keren.blog.51cto.com/720558/144908
[The Linux passwd command] The passwd command is used to change a user's login password. The file that records users' login passwords is /etc/shadow. This file is only accessible to the root user, as follows:
gaolu@gaolu-desktop:~$
gaolu@gaolu-desktop:~$ cd /etc
gaolu@gaolu-desktop:/etc$ ls -l shadow
-rw-r----- 1 root shadow 978 shadow
gaolu@gaolu-desktop:/etc$
This creates a conflict: for security reasons, normal users are not allowed to view or modify the shadow file, yet without access to it normal users cannot change their own passwords.
Linux uses setuid to solve this problem: if a program has the setuid bit set, it runs with the permissions of the program's owner no matter which user starts it. The owner of the passwd program is the root user, and the permissions of passwd are shown below. When any user executes the program, the EUID of the process becomes that of the root user, rather than the UID of the user who ran it.
gaolu@gaolu-desktop:/etc$ cd /usr/bin
gaolu@gaolu-desktop:/usr/bin$ ls -l passwd
-rwsr-xr-x 1 root 32988 2008-06-10 passwd
gaolu@gaolu-desktop:/usr/bin$
gaolu@gaolu-desktop:/usr/bin$
Therefore, ordinary users can modify the contents of the shadow file through the passwd program, and so change their passwords.
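The rule used in both sections (printid after chmod u+s / g+s, and passwd owned by root), as an added example that is not code from the original articles: it reads a file's mode and owner with stat() and predicts the EUID and EGID a process gets when executing it. The function names are hypothetical; the "#!" script check and the group-execute condition for setgid are Linux behaviour, and mount options such as nosuid, which also disable the bits, are not checked.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* EUID after exec: the file owner's UID only for a regular file with the
 * setuid bit that is not a "#!" script; otherwise the caller's EUID. */
uid_t euid_after_exec(mode_t mode, uid_t owner, uid_t caller_euid, int is_script)
{
    if (S_ISREG(mode) && (mode & S_ISUID) && !is_script)
        return owner;
    return caller_euid;
}

/* EGID after exec: Linux honours setgid only when group-execute is also set. */
gid_t egid_after_exec(mode_t mode, gid_t group, gid_t caller_egid, int is_script)
{
    if (S_ISREG(mode) && (mode & S_ISGID) && (mode & S_IXGRP) && !is_script)
        return group;
    return caller_egid;
}

/* Apply both rules to a file on disk; returns 0 on success, -1 if stat fails.
 * Assumption: mount options such as nosuid are not examined here. */
int predict_ids(const char *path, uid_t *euid, gid_t *egid)
{
    struct stat st;
    char magic[2] = {0, 0};
    int is_script = 0;
    FILE *f;
    if (stat(path, &st) != 0)
        return -1;
    if ((f = fopen(path, "rb")) != NULL) {   /* unreadable: treated as binary */
        is_script = fread(magic, 1, 2, f) == 2 && magic[0] == '#' && magic[1] == '!';
        fclose(f);
    }
    *euid = euid_after_exec(st.st_mode, st.st_uid, geteuid(), is_script);
    *egid = egid_after_exec(st.st_mode, st.st_gid, getegid(), is_script);
    return 0;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/usr/bin/passwd";
    uid_t e; gid_t g;
    if (predict_ids(path, &e, &g) != 0) { perror(path); return 1; }
    printf("%s: predicted euid=%d egid=%d\n", path, (int)e, (int)g);
    return 0;
}
```

Run it against the printid binary before and after chmod u+s to compare the prediction with what printid itself reports.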
Complete!