Linux permissions supplement: rwt rwT rws rwS special permissions
As we all know, Linux file permissions are written as numbers such as 777 or 666. In fact, once a file has the setuid permission set, whoever runs it runs it with the identity of the file's owner. So if bash is copied to another location and root sets the setuid permission on the copy, any user who runs that shell can execute any file as root.
A file has an owner that indicates who created the file. Also, the file has a group number that represents the group to which the file belongs, typically the group to which the file owner belongs.
If it is an executable file, at execution time it normally has only the permissions of the user who invoked it. setuid and setgid can change this behavior.
- Setuid: This bit lets a normal user run, in the role of the root user, a program or command that only the root account could otherwise run. For example, when a normal user runs the passwd command to change their password, what is finally changed is the /etc/passwd file. As we know, /etc/passwd is the user management configuration file, and only the root user can change it.
[[email protected] ~]# ls -l /etc/passwd
-rw-r--r-- 1 root root 2379 04-21 13:18 /etc/passwd
A normal user certainly cannot change their password by editing /etc/passwd directly. Can it be done through a command instead? The answer is yes: a normal user can change their own password with passwd, thanks to the permissions on the passwd command. Let's take a look:
[[email protected] ~]# ls -l /usr/bin/passwd
-r-s--x--x 1 root root 21944 02-12 16:15 /usr/bin/passwd
Because /usr/bin/passwd has the setuid permission bit set (the s in r-s--x--x), an ordinary user temporarily becomes root while running it and can indirectly modify /etc/passwd, which is how they are able to change their own password.
- Setgid: This permission is valid only for directories. After it is set on a directory, any file a user creates in that directory gets the same group as the directory.
- Sticky bit: This bit can be understood as an anti-delete bit. Whether a user can delete a file depends mainly on whether the group the file belongs to gives that user write permission. Without write permission, no file in the directory can be deleted and no new file can be added. If you want users to be able to add files but not delete them, you can use the sticky bit for the files. When this bit is set, the file cannot be deleted even if the user has write access to the directory.
Let's talk about how to manipulate these flags:
These flags are set with the same command that is used for ordinary file permissions, chmod. There are two ways to do it:
1) Use symbolic notation.
chmod u+s temp
--Add the setuid flag to the temp file (setuid only valid for files)
chmod g+s tempdir
--Add the setgid flag to the tempdir directory (setgid only valid for directories)
chmod o+t temp
--Add the sticky flag to the temp file (sticky only works on files)
2) Use octal notation. Ordinary permissions are written as three octal digits, such as 666, 777, 644, and so on. When the special flags are set, one more octal digit is added in front of these three, as in 4666 or 2777. The three bits of this extra octal digit have the following meaning:
abc
a - setuid bit; if this bit is 1, setuid is set (4---)
b - setgid bit; if this bit is 1, setgid is set (2---)
c - sticky bit; if this bit is 1, sticky is set (1---)
After you set these flags, you can use ls -l to view them. If the flags are present, they are displayed in the position of the original execute flag. For example:
rwsrw-r--
Indicates a setuid flag.
rwxrwsrw-
Indicates a setgid flag.
rwxrw-rwt
Indicates a sticky flag.
So where did the original execute flag x go? The rule is that if there is an x in that position, the special flag is shown as a lowercase letter (s, s, t). Otherwise, it is shown as an uppercase letter (S, S, T).
Note: setuid and setgid carry risk, so use them as little as possible. I am also still learning this myself, O(∩_∩)O ha!
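The following Python example is added here and is not from the original article. It shows how the octal special bits map to the s/S/t letters that ls -l prints and flags the cases worth reviewing in an audit: setuid and setgid files, and world-writable directories that lack the sticky bit. The names and modes in SAMPLES are constructed, and the function names are illustrative.

```python
import os
import stat

# Constructed sample modes (file type | octal permissions); not real files.
SAMPLES = {
    "suid_exec":   stat.S_IFREG | 0o4755,  # setuid with owner x
    "suid_noexec": stat.S_IFREG | 0o4644,  # setuid without owner x
    "sgid_dir":    stat.S_IFDIR | 0o2775,  # setgid directory
    "tmp_like":    stat.S_IFDIR | 0o1777,  # world-writable, sticky set
    "open_dir":    stat.S_IFDIR | 0o0777,  # world-writable, no sticky
    "plain":       stat.S_IFREG | 0o0644,  # no special bits
}

def findings(mode):
    """Return audit notes for one st_mode value (empty list: nothing to report)."""
    notes = []
    if stat.S_ISREG(mode):
        if mode & stat.S_ISUID:
            notes.append("setuid" if mode & stat.S_IXUSR else "setuid, no owner x (S)")
        if mode & stat.S_ISGID:
            notes.append("setgid" if mode & stat.S_IXGRP else "setgid, no group x (S)")
    elif stat.S_ISDIR(mode):
        if mode & stat.S_ISGID:
            notes.append("setgid dir")
        if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            notes.append("world-writable dir without sticky bit")
    return notes

def report(entries):
    """entries: iterable of (path, st_mode). Returns [(ls-style mode, path, notes)]."""
    rows = []
    for path, mode in entries:
        notes = findings(mode)
        if notes:
            rows.append((stat.filemode(mode), path, notes))
    return rows

def scan(root):
    """Yield (path, st_mode) for everything under root, without following symlinks."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                yield path, os.lstat(path).st_mode
            except OSError:
                continue  # entry vanished or is unreadable

if __name__ == "__main__":
    for perms, path, notes in report(SAMPLES.items()):
        print(perms, path, "; ".join(notes))
```

To audit a real tree, pass scan("/some/dir") to report() in place of SAMPLES.items().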