Linux SU command security suggestions (1)

First, let's look at su-run a shell with substitute user and group IDs on the man help page. That is to say, through su, we can start a shell program without providing users and group names. su is a binary executable file. The path of the command file is/bin/su. The following command is used to query the type and path of the su file:

Example 1:

Islab $ which su

/Bin/su

Example 2:

Islab $ file/bin/su

/Bin/su: setuid ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), for GNU/Linux 2.6.9, stripped

Example 3:

Islab $ ll/bin/su

-Rwsr-xr-x 1 root 24060 Jan 10 2007/bin/su

In Example 3 and example 2, we can see that su is a setuid program (the setuid bit can be set using chmod u + s, for example, the setuid bit is used when ls displays the su file owner attribute ), in this case, su can obtain higher permissions than its owner. That is to say, when su is running, your permissions will be elevated, which will be equivalent to the root permission.

In Example 3, we can see that the file type is ELF 32-bit LSB shared object (with the setuid bit set). That is to say, the program needs a function library such as libc and also uses the ELF interpreter, comply with LSB specifications.

Question 1: normal users can copy su commands from other machines.

A: They can copy su commands from other machines, but they will not be able to set the su correctly, such as chown root and chmod u + s. therefore, the copied su does not work properly.

Question 2: How to prevent common users from executing the su command.