On the setuid permission in Linux

Source: Internet
Author: User

1. What is setuid?

When you run the "ps" command at the Linux command line, the processes in the current system are listed, and each process is shown together with the real user ID it belongs to. In fact, every Linux process is also closely associated with an effective user ID. The real user ID indicates which user controls the process; the effective user ID is the one used when the process creates files (newly created files are owned by the effective user), when the kernel checks file access permissions, and for similar operations. The Linux kernel allows a process to change its effective user ID by executing a setuid program (or by explicitly calling the setuid system call).

2. How to configure the setuid permission

In Linux, the "passwd" command changes the password of the root user or of an ordinary user. Passwords are stored in the "/etc/passwd" and "/etc/shadow" files. These two files are critical to system security, so only the root user may read and write them. Log on to the system as an administrator and run "ls -l /etc/passwd /etc/shadow" at the Linux prompt.

The output shows that ordinary users have no write permission on either file. So, judging from the file attributes alone, an ordinary user who changes his or her password cannot write the new password into those files. How does the change succeed? The key is not the password files themselves but the password-changing command "passwd". Run "ls -l /usr/bin/passwd" at the prompt: an "s" appears in the owner's execute position of the output, which means that the "passwd" command has the setuid permission and that its owner is root. When an ordinary user runs "passwd", the command therefore executes with root as the effective user and holds root's permissions, which is how the new password gets written to "/etc/passwd" and "/etc/shadow". As soon as the command finishes, that borrowed identity disappears.

How do you set the setuid permission? Use the "chmod" command on the file, for example "chmod 4xxx filename"; "chmod xxx filename" removes it again. Similarly, "chmod 2xxx filename" sets the setgid permission and "chmod xxx filename" removes it. "chmod 6xxx filename" sets both setuid and setgid on the file, and "chmod 0xxx filename" clears both. For example, logging on as root and running "chmod 0511 /usr/bin/passwd" removes the setuid permission from the "passwd" command, after which ordinary users can no longer change their passwords.

3. Security of setuid permissions

setuid lets you adjust the permissions a file's owner lends out quite flexibly, but it also brings security risks. If the root user grants the setuid permission too generously to program files, it opens the door for attackers or unauthorized users to break into the system. For example, the "vi" command edits files in Linux, but when an ordinary user runs "vi /etc/shadow" to modify the password file, the system responds with the warning "/etc/shadow: Permission denied" and refuses the unauthorized modification. However, if you run "which vi" as root, you can see that "vi" is actually an alias of the "vim" command, whose real path is "/usr/bin/vim". If root then runs "chmod 6755 /usr/bin/vim", the "vi" command runs with the identity of its owner root, so in an ordinary user's environment "vi" can edit any file (for example "/etc/shadow"). An ordinary user could then clear the password file and log on to Linux without a password; the threat to the system is self-evident. Therefore, do not configure the setuid permission on programs that could endanger system security.

4. How to disable the setuid permission

For partitions that store sensitive data, you may want to disable setuid altogether. For example, to disable setuid on the "/home" partition, open the "/etc/fstab" configuration file with "vi /etc/fstab". You will see a line such as "LABEL=/home /home ext3 defaults 1 2". Add the "nosuid" keyword after the "defaults" keyword, changing the line to "LABEL=/home /home ext3 defaults,nosuid 1 2", and then run "mount -o remount /home". After that, even if the setuid permission is set on an executable file in the "/home" partition, it has no effect, which protects the system to a great extent.

From: http://hi.baidu.com/futily/blog/item/afa7ad8707b27b2cc75cc35a.html

With your experience of DOS and Windows, you probably know that a system contains several kinds of files, such as system files, read-only files and hidden files. In Linux/Unix, file types are far more diverse and complex than in DOS/Windows. This article uses Red Hat Linux as an example to give readers a better understanding of the file types in Linux; most of the content also holds for other Linux distributions, AIX, Solaris, FreeBSD and other operating systems. In Linux, you can determine a file's type with the "ls -l" command, from the 10 characters in the first column of its output:

- "-rw-r--r--" indicates that 1.txt and myprog04 are regular files. Every entry starting with "-" is a regular file, while entries starting with "d" are directories.

- "brw-rw----" indicates that /dev/sda1 is a block device file. Entries starting with "b" are block device files.

- "crw-rw----" indicates that /dev/lp0 is a character device file. Entries starting with "c" are character device files.

- "srwxrwxrwx" indicates that /var/lib/mysql.sock is a socket file. Entries starting with "s" are socket files.

- "prwxr--r--" indicates that mypipe is a pipe (FIFO) file. A pipe file's type character is "p".

- "lrwxrwxrwx" indicates that softlinkof1.txt is a soft link (symbolic link) pointing to 1.txt. Entries starting with "l" are soft links.

- hard_link_of_1.txt, whose entry starts with "-rw-r--r--", looks like a regular file, but it is actually a hard link.

- "-rwsr-xr-x" indicates that myprog01 is an executable file with setuid, shown by the "s" in the fourth character.

- "-rwxr-sr-x" indicates that myprog03 is an executable file with setgid, shown by the "s" in the seventh character.

- "-rwsr-sr-x" indicates that myprog02 is an executable file with both setuid and setgid, shown by the "s" in the fourth and seventh characters.

- "drwxrwxrwt": the leading "d" shows that tmp is a directory, and the final "t" shows that the sticky bit is set on that directory.
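A decoder for the 10-character mode field discussed in the list above, as an added example that is not part of the original article. It goes slightly beyond the list: an upper-case "S" or "T" in "ls -l" output means the special bit is set without the matching execute bit, which the decoder reports separately. The mode strings it is run on are constructed.

```sh
#!/bin/sh
# Added example, not from the original article: decode the first column of
# "ls -l" into a file type plus any setuid/setgid/sticky bits.

describe_mode() {
    m=$1
    [ ${#m} -eq 10 ] || { echo "invalid mode string: $m" >&2; return 1; }
    case $(printf '%s' "$m" | cut -c1) in
        -) t="regular file" ;;
        d) t="directory" ;;
        b) t="block device" ;;
        c) t="character device" ;;
        s) t="socket" ;;
        p) t="named pipe (FIFO)" ;;
        l) t="symbolic link" ;;
        *) t="unknown type" ;;
    esac
    extra=""
    # Character 4 is the owner execute slot: "s" = setuid and execute,
    # "S" = setuid without the execute bit (the file cannot even run).
    case $(printf '%s' "$m" | cut -c4) in
        s) extra="$extra, setuid" ;;
        S) extra="$extra, setuid (no owner execute)" ;;
    esac
    # Character 7 is the group execute slot, same rule for setgid.
    case $(printf '%s' "$m" | cut -c7) in
        s) extra="$extra, setgid" ;;
        S) extra="$extra, setgid (no group execute)" ;;
    esac
    # Character 10 is the "other" execute slot, where the sticky bit shows.
    case $(printf '%s' "$m" | cut -c10) in
        t) extra="$extra, sticky" ;;
        T) extra="$extra, sticky (no other execute)" ;;
    esac
    echo "$t$extra"
}

# Return 0 when MODE is a regular file carrying setuid or setgid, the
# combination an auditor wants to review (directories and devices are skipped).
is_privileged_exec() {
    case $1 in
        -??[sS]??????|-?????[sS]???) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample modes taken from the kinds of entries listed above.
for mode in -rw-r--r-- brw-rw---- crw-rw---- srwxrwxrwx prwxr--r-- \
            lrwxrwxrwx -rwsr-xr-x -rwxr-sr-x -rwsr-sr-x -rwSr--r-- drwxrwxrwt; do
    printf '%s  %s\n' "$mode" "$(describe_mode "$mode")"
done
```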

1. Device files

The /dev directory in Linux contains a large number of device files, mainly block device files and character device files.

Block device files

In the past, after adding a new disk you often had to create the block device files by hand. Now this is usually unnecessary: run "service kudzu start" and the system configures the corresponding device for you. The main characteristic of block devices is random read/write access, and the most common block devices are disks, such as /dev/hda1, /dev/sda2 and /dev/fd0.

Character device files

As with block devices, the "service kudzu start" command automatically adds, deletes or modifies character devices. The most common character devices are printers and terminals, which accept a stream of characters. /dev/null is a very useful character device file: everything sent to it is discarded. If you redirect a program's output to /dev/null, nothing is displayed. You can even set a user's shell to /dev/null to prevent that user from logging on.

Pipe device files

Pipe device files are sometimes called FIFO files (FIFO stands for first in, first out). As the name suggests, data flows through a pipe file from one end to the other, and we usually do some processing in between, so that what goes in as grass comes out as milk; this is what makes pipe files useful. Older Unix systems limited file size to 2 GB. Although current versions of Linux, Solaris and FreeBSD no longer have this limit, the need to handle large files remains. Suppose you want to back up a 20 GB partition as an image (with the dd command): a 20 GB file is produced which, depending on how full the disk actually is, might compress to anywhere from a few MB to a few GB. We can create a pipe file so that this compression happens automatically:

[root@linux236 root]# mknod mypipe p
[root@linux236 root]# ls -l mypipe
prw-r--r--    1 root    0 Aug  5 23:27 mypipe
[root@linux236 root]#

Here we have created a pipe file named mypipe; "ls -l" shows that its mode is prw-r--r--. The following commands perform the imaging and compression:

[root@linux236 root]# compress < mypipe > sda6.img.Z &
[root@linux236 root]# dd if=/dev/sda6 of=mypipe
[root@linux236 root]# ls sda6.img.Z
sda6.img.Z

The first command compresses whatever comes out of the mypipe pipe into the file sda6.img.Z; note that this command must end with the "&" symbol so that it runs in the background. The second command feeds the data of the /dev/sda6 partition into the pipe file mypipe. In other words, the data of /dev/sda6 enters the pipe and the compressed file sda6.img.Z comes out at the other end. Exporting large databases such as Oracle and DB2 also often produces large files, and experienced database administrators frequently compress the data through a pipe. For an Oracle database, the following pair of commands compresses the export into the file expdat.dmp.Z:

compress < mypipe > expdat.dmp.Z &
exp userid=system file=mypipe owner=scott
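The pipe-based streaming compression shown above, rebuilt as an added example (not code from the original article) with mkfifo and gzip, since the compress utility is rarely installed today. Instead of a disk partition it reads a constructed input file, and it verifies the round trip afterwards; it assumes gzip, dd and cmp are available.

```sh
#!/bin/sh
# Added example, not from the original article: stream a file through a named
# pipe into gzip, the same arrangement as "compress < mypipe > ... &" followed
# by "dd ... of=mypipe" above. Input data is constructed below.

# Stream SRC through a FIFO into gzip, writing DEST; return 0 on success.
stream_compress_via_fifo() {
    src=$1; dest=$2
    fdir=$(mktemp -d); fifo=$fdir/mypipe
    mkfifo "$fifo" || return 1
    # Reader side first and in the background, exactly like the "&" above:
    # a FIFO blocks the writer until another process opens it for reading.
    gzip -c < "$fifo" > "$dest" &
    reader=$!
    # Writer side: dd plays the role of the partition image producer.
    dd if="$src" of="$fifo" bs=4096 2>/dev/null
    wait "$reader"; rc=$?
    rm -rf "$fdir"
    return $rc
}

# Round-trip check: decompress DEST and compare it byte for byte with SRC.
verify_roundtrip() {
    gzip -dc < "$2" | cmp -s - "$1"
}

# Constructed 1 MiB input: mostly zeros, like a partition that is largely
# empty, plus a marker at the end so the comparison is meaningful.
make_input() {
    dd if=/dev/zero of="$1" bs=4096 count=256 2>/dev/null
    printf 'marker-at-the-end\n' >> "$1"
}

demo() {
    work=$(mktemp -d)
    make_input "$work/input.img"
    stream_compress_via_fifo "$work/input.img" "$work/input.img.gz" || return 1
    verify_roundtrip "$work/input.img" "$work/input.img.gz" || return 1
    in_size=$(wc -c < "$work/input.img" | tr -d ' ')
    out_size=$(wc -c < "$work/input.img.gz" | tr -d ' ')
    echo "original: $in_size bytes, compressed: $out_size bytes"
    rm -rf "$work"
}
demo
```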


2. Link files

Links are somewhat like the shortcuts of Windows, but not exactly the same. There are two kinds of links: soft links and hard links.

Soft link files

Soft links are also called symbolic links. Such a file contains the path name of another file, which may be any file or directory and may even sit on a different file system. A link can even point to a file that does not exist, which leads to the problem commonly called a "broken link" (or "dangling link"), and a link can even point back to itself in a cycle, similar to recursion in programming languages:

[yaoyao@linux236 yaoyao]$ ls -l
total 0
lrwxrwxrwx    1 yaoyao    5 Aug  6 17:39 1.txt -> 3.txt
lrwxrwxrwx    1 yaoyao    5 Aug  6 17:38 2.txt -> 1.txt
lrwxrwxrwx    1 yaoyao    5 Aug  6 3.txt -> 2.txt

The three files above form a cycle, which serves no purpose at all; a system administrator should avoid dangling and circular links. A soft link is created with the "ln -s" command, as follows:

[root@linux236 test]# ln -s source_file softlink_file

When a symbolic link is read or written, the system automatically redirects the operation to the source file. When a link file is deleted, however, only the link itself is removed, not the source file.
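The circular links from the listing above can be detected by walking a link chain with readlink and stopping when a path repeats. This is an added example, not code from the original article; it assumes a readlink command, paths without spaces, and builds the sample links (including the 1.txt / 2.txt / 3.txt cycle and a dangling link) in a temporary directory.

```sh
#!/bin/sh
# Added example, not from the original article: follow a symbolic link chain
# and classify it as a real target, a loop, or a broken (dangling) link.

# Follow PATH through symlinks. Prints the final target and returns 0, or
# prints "loop" and returns 1, or prints "broken" and returns 2.
resolve_link_chain() {
    cur=$1; seen=""; hops=0
    while [ -L "$cur" ]; do
        hops=$((hops + 1))
        # Paths are assumed to contain no spaces, so a space-separated list
        # is enough to remember which links were already visited.
        case " $seen " in *" $cur "*) echo "loop"; return 1 ;; esac
        seen="$seen $cur"
        # Safety net for chains that grow without repeating a path.
        [ "$hops" -le 40 ] || { echo "loop"; return 1; }
        target=$(readlink "$cur")
        # A relative target is interpreted from the link's own directory.
        case $target in
            /*) cur=$target ;;
            *)  cur=$(dirname "$cur")/$target ;;
        esac
    done
    if [ -e "$cur" ]; then echo "$cur"; return 0; else echo "broken"; return 2; fi
}

# Build constructed links in a throwaway directory; prints the directory path.
make_links() {
    d=$(mktemp -d)
    echo "real content" > "$d/real.txt"
    ln -s 3.txt "$d/1.txt"          # the three-way cycle from the listing above
    ln -s 1.txt "$d/2.txt"
    ln -s 2.txt "$d/3.txt"
    ln -s real.txt "$d/good.txt"    # ordinary link to an existing file
    ln -s missing.txt "$d/dangling.txt"   # dangling (broken) link
    echo "$d"
}

demo() {
    d=$(make_links)
    for f in 1.txt good.txt dangling.txt; do
        printf '%-14s -> %s\n' "$f" "$(resolve_link_chain "$d/$f")"
    done
    rm -rf "$d"
}
demo
```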

Hard link files

The "info ln" command tells you that a hard link is another name for an existing file, which is somewhat confusing. The hard-link command is "ln existfile newfile". Hard links have two restrictions:

1. Hard links cannot be created for directories;

2. A hard link can only be created between files on the same file system.

Reading, writing or deleting a hard-link file gives the same results as for a soft-link file. However, if the source file of a hard link is deleted, the hard link still exists and keeps the content as expected; at that point the system "forgets" that it was a hard link and treats it as an ordinary file.

3. setuid, setgid and sticky-bit files

In Linux/Unix, a setuid executable file lets any user who executes it run it with the permissions of the file's owner. Like a file handed a mighty sword, a setuid file is usually used to raise a user's privileges; the most representative example is the su command, which ordinary users can run to become root. To set setuid on a file, use:

chmod 4755 your_program

A setgid file is very similar: whoever executes the file does so with the permissions of the file's group. Setgid alone is rarely used; setuid and setgid are usually combined. But this may be a little different from what you would guess: setuid + setgid is generally not used to raise privileges but to bind a particular user and group to a program. For example, the vchkpw program of Vpopmail (add-on software for Qmail) carries setuid + setgid and is used to verify user names and passwords. This follows the same principle as Apache, which often runs as the nobody user; the purpose is greater security. The setgid command usage is:

chmod 2755 your_program

Usually the following command is used, which sets setuid and setgid at the same time:

chmod 6755 your_program

The all-powerful root user can set setuid and setgid on any program, but a mighty sword cannot be used to forge imperial decrees: ordinary users can only set setuid or setgid on their own files. Because setuid and setgid files raise the privileges of ordinary users, careful system administrators keep an eye on changes to the setuid and setgid files in the system, to reduce security risks.

In Linux, /tmp is the directory for temporary files and must be writable by all users; however, each user should only be able to delete his or her own files. For this, a sticky bit is added to the directory:

[root@yaoyao /]# ls -l | grep tmp
drwsrwsrwt    9 root    4096 August 7 10:50 tmp

Note the character "t", which indicates that the sticky bit is set on the directory. We can create our own directory abc and give it the same features as /tmp:

chmod 777 abc
chmod +t abc

This pair of commands is equivalent to the single command "chmod 1777 abc". Viewing the attributes of the abc directory with ls -l:

[root@yaoyao test]# ls -l
total 4
drwsrwsrwt    2 root    root    4096 August 7 11:32 abc

The same requirement as for /tmp usually also applies to an FTP server's upload directory, which can be handled in the same way.

4. Socket files

Socket files are similar to pipes, but they work across the network; network processing on your computer relies on them. You may have heard of "Winsock", which is the Windows socket implementation. We will not go into the related programming interfaces here, because unless you write programs you will not use them; if you see a file of type "s" in your system, you only need to know what it is. For example, a socket file is usually created while MySQL is running:

[root@yaoyao tmp]# ls -l /tmp/mysql.sock
srwxrwxrwx    1 mysql    August 7 10:03 mysql.sock

There are also some socket files in the /tmp directory, most of which are created by X Windows.

5. Miscellaneous: why can't some files be deleted?

"Why can't I delete those files whose names start with an annoying minus sign ("-")? Why?" You may have heard such a shout from a newbie at the next desk. Hopefully it does not happen to you, because it is very easy to solve: you only need to refer to the file through a path. If a file is named "-abc", you can delete it with:

rm ./-abc

or

rm /home/yaoyao/-abc

You can edit such files with vi or other tools in the same way. Other files may look perfectly normal, but when you try to delete them an error is reported, as shown below:

[root@linux236 root]# ls -l 1.txt
-rw-r--r--    1 root    0 Aug  5 23:00 1.txt
[root@linux236 root]# rm -rf 1.txt
rm: cannot unlink `1.txt': Operation not permitted

You are the all-powerful root user, yet the system tells you the operation is not permitted. Has Linux gone crazy? Of course not; the lsattr command provides the answer:

[root@linux236 root]# lsattr
---i---------- ./1.txt
-------------- ./weiqi.ldif
-------------- ./qi.schema

Now everything is clear: in the lsattr output, the 1.txt file has the "i" (immutable) attribute, so it cannot be deleted. Now you can use the following commands:

[root@linux236 root]# lsattr 1.txt
---i---------- 1.txt
[root@linux236 root]# chattr -i 1.txt
[root@linux236 root]# rm -rf 1.txt
[root@linux236 root]#

The deletion succeeded. This attribute is used to protect important files from being deleted; a system administrator can generally use these commands to find out whether a file can be deleted. If you want to give a file extra protection, use the command "chattr +i filename". Deleting the file then takes one more step, and at the same time such a file cannot be edited or modified. Only the root user can use the chattr command, and it works on Linux ext2 or ext3 file systems. As with DOS and Windows file systems, most files that cannot be deleted have a reason behind it; even if you know how to delete them, think twice.

Summary

Linux/Unix system management is a complex task, and mastering and understanding Linux/Unix file types is essential. Learn Linux/u

From: http://blog.chinaunix.net/space.php? Uid = 24231058 & Do = Blog & id = 157199
