|
|
发表于 2004-10-19 13:51:31
|
显示全部楼层
The ls utility shows setuid permission as an s in the owner's executable position and setgid as an s in the group's executable position.
When you are running as superuser, you can change the permissions of a file owned by root to setuid. When an ordinary user executes a file that is owned by root and has setuid permissions, the program has full root privileges. In other words, this program can do anything that root can do and that the program does or allows the user to do. The user's privileges do not change. When the program finishes running, all user privileges are back to the way they were before the program was started.
Setuid programs that are owned by root are powerful and also dangerous to system security, which is why very few of them are on the system. As 6692975 mentioned, passwd is just one of such programs. Because a root-owned setuid program allows someone who does not know the root password to have the powers of superuser, it is a tempting target for a malicious user. Your site should have as few of these programs as necessary. You can disable setuid programs at the filesystem level by mounting a filesystem with the nosuid option. |
|
IP卡
狗仔卡
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
显身卡
楼主