我目前正在尝试了解文件权限中的特殊位的作用,但目前仍试图了解 setuid 位的作用。从所有在线资源来看:
Commonly noted as SUID, the special permission for the user access level has a single function: A file with SUID always executes as the user who owns the file, regardless of the user passing the command
然而,在一个简单的实验中,这似乎并不正确(除非我误解了并且做错了什么?)即
mkdir /tmp/foo
mkdir /tmp/foo/bar
chmod 0700 /tmp/foo/bar # Restrict directory so only current user can access
echo content > /tmp/foo/bar/baz.txt # Create content in the restricted directory
echo "ls /tmp/foo/bar" > /tmp/foo/myscript.sh # Script to access content of restricted directoy
chmod 4777 /tmp/foo/myscript.sh # Set setuid bit so the script runs as current user
/tmp/foo/myscript.sh # Show it works when run as current user
#> baz.txt
su bob # Switch to a new user
/tmp/foo/myscript.sh # Run script again
#> ls: cannot open directory '/tmp/foo/bar': Permission denied
我的期望是,当设置了 setuid 位时,脚本应该以原始用户身份执行,因此应该具有 ls
进入受限目录的权限。但相反,我收到了权限被拒绝的错误,表明该脚本未以原始用户身份运行。
任何有助于理解我做错了什么的帮助将不胜感激。 (示例在 zsh/ubuntu 20.04/wsl2 上运行)
最佳答案
suid 位仅适用于二进制可执行程序,不适用于 shell 脚本。您可以在这里找到更多信息:https://unix.stackexchange.com/questions/364/allow-setuid-on-shell-scripts
关于ubuntu - 为什么 setuid 不以所有者身份运行?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/69958788/