Setting user ID for UNIX File Permissions

Source: Internet
Author: User

The stat function obtains the status information of a file. Its prototype, declared in <sys/stat.h>, is as follows:

int stat(const char *path, struct stat *buf);

The structure of the struct stat is as follows:

struct stat {
    dev_t     st_dev;     /* ID of device containing file */
    ino_t     st_ino;     /* inode number */
    mode_t    st_mode;    /* protection (file type and permission bits) */
    nlink_t   st_nlink;   /* number of hard links */
    uid_t     st_uid;     /* user ID of owner */
    gid_t     st_gid;     /* group ID of owner */
    dev_t     st_rdev;    /* device ID (if special file) */
    off_t     st_size;    /* total size, in bytes */
    blksize_t st_blksize; /* blocksize for file system I/O */
    blkcnt_t  st_blocks;  /* number of 512B blocks allocated */
    time_t    st_atime;   /* time of last access */
    time_t    st_mtime;   /* time of last modification */
    time_t    st_ctime;   /* time of last status change */
};

The owner's user ID and group ID are available as st_uid and st_gid in the output parameter buf.

A UNIX process also carries several IDs: the real user ID, the real group ID, the effective user ID, and the effective group ID. When a process starts, its effective user ID is normally the same as its real user ID (for example, if I log in as eric, the effective user is eric's ID). However, when the program file's "set-user-ID bit" is enabled, the effective user ID of the process becomes the owner ID of that program file.

$ ls -l 1.txt
-rw------- 1 root 16 April 29 14:31 1.txt

In the current directory, the file 1.txt is owned by root, and only root has read and write permission on it.

#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <unistd.h>

int main(void)
{
    int fd;
    if ((fd = open("1.txt", O_RDONLY)) == -1)
    {
        printf("Open failed.\n");
        exit(-1);
    }
    char buf[1024] = {0};
    ssize_t n = read(fd, buf, sizeof(buf) - 1); /* leave room for the terminating NUL */
    if (n < 0)
        n = 0;
    buf[n] = '\0';
    printf("%s", buf); /* file contents are data, never the format string */
    printf("\n");
    close(fd);
    return 0;
}

First, I use the su command in the terminal to switch to the root user and build the program with gcc read.c -o main, which produces the main program.

# gcc read.c -o main
# exit
exit
$ main
Open failed.

1.txt is readable and writable only by root, so open fails for the ordinary user.

One way to enable the set-user-ID bit of main is the shell command chmod u+s main.

I use a C program instead. The main code is as follows:

#include <sys/stat.h>

/* inside main(); must run as the file's owner (root) for chmod to succeed */
struct stat buf = {0};
stat("main", &buf);           /* read the current mode bits */
buf.st_mode |= S_ISUID;       /* add the set-user-ID bit */
chmod("main", buf.st_mode);   /* write the mode back */

After this code runs, the "set-user-ID bit" of main is enabled. Running main from a non-root terminal now reads the content of 1.txt.

$ main
Bkjia.com

I personally think that the Linux permission design is reasonable. Although the main program can run with the root permission of its owner, this requires authorization by the root user: enabling the "set uid bit" (set-user-ID bit) of the program file. You only need to fully consider the risks of this program when you enable this set uid bit. Of course, you must be cautious with authorization.
