I wrote a script quit.sh, as follows:
#!/bin/bash
if [ $# -lt 1 ]; then
    echo "must input at least one parameter!"
    exit 1
fi

if [ "$1" = "Q" ]; then
    echo "quit!"
    echo "$(whoami) quit @ $(date)" >> /tmp/quit.txt  # quit.txt is accessed here
    exit 0
else
    echo "Wrong input!"
    exit 2
fi
I locked down the permissions on quit.txt so that only root can read and write it, set the owner and group of quit.sh to root, and set the SUID bit, hoping that other users could read and write quit.txt through the script. But execution fails with permission denied. Why is this?
The execution process is as follows:
[root@(none) tmp]# ll quit.txt
-rw-------. 1 root root 0 Jan 23:29 quit.txt
[root@(none) tmp]# ll quit.sh
-rwsr-xr-x. 1 root root 228 Jan 23:29 quit.sh
[root@(none) tmp]# ./quit.sh Q    -----> root runs it normally here
quit!
[root@(none) tmp]# cat quit.txt
root quit @ Tue Jan 23:31:15 PST 2016
[root@(none) tmp]# su - tom    ------> switch to user tom
[tom@(none) ~]$ cd /tmp/
[tom@(none) tmp]$ ./quit.sh Q    -------> when tom executes it, the owner and group of the process should be root and it should be able to access quit.txt, but it reports permission denied
quit!
./quit.sh: line 9: /tmp/quit.txt: Permission denied
After checking several sources, it turns out that setting SUID on a shell script has no effect:
Although you can set the SUID and SGID permission bits on shell scripts, most modern shells ignore these bits for scripts. The shell is a very powerful scripting language that can interpret and execute arbitrary expressions. That capability is too broad to restrict, which makes the environment very insecure. Therefore, if you set SUID or SGID permissions on a shell script, do not expect the script to honor them when it runs.
A question about setting SUID on shell scripts.
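An added example, not part of the original post: because the SUID/SGID bit on a script is ignored as described above, a script that carries the bit usually marks a misunderstanding like the one in the question, and an audit can list such files. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/bash
# Added example: list files that carry the SUID or SGID bit but are
# interpreter scripts (they start with "#!"), where the bit has no effect.

# Print every regular file under "$1" that has SUID or SGID set and whose
# first two bytes are "#!". Other files with the bit set are not reported.
find_suid_scripts() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r f; do
        # Files the caller cannot read are skipped; run as root for full coverage.
        magic=$(head -c 2 "$f" 2>/dev/null) || continue
        if [ "$magic" = '#!' ]; then
            printf '%s\n' "$f"
        fi
    done
    return 0
}

# Constructed sample tree: one SUID script (like quit.sh in the post), one
# plain script, and one SUID non-script file standing in for a compiled binary.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/bash\necho quit\n' > "$d/quit.sh"
    printf '#!/bin/bash\necho ok\n'   > "$d/plain.sh"
    printf '\177ELF'                  > "$d/helper.bin"
    chmod 4755 "$d/quit.sh" "$d/helper.bin"
    chmod 0755 "$d/plain.sh"
    printf '%s\n' "$d"
}

# Demonstration on the constructed tree.
tree=$(make_sample_tree)
find_suid_scripts "$tree"
rm -rf "$tree"
```

Pointing find_suid_scripts at a real directory such as /usr/local/bin gives the list of scripts whose SUID/SGID bits should be cleared.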