As stated in the title.
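For people who always log in to Linux as root, the idea of being denied permission rarely comes up, yet at times they are still badly troubled by permission denials.

Do you know why many programs need to use getuid() and setuid()? Why a user logged in with ordinary privileges cannot enter /root? Why running ls -l in the / directory can show the information for root, while ls /root -al reports insufficient permission? Why in some folders you can still create files but just cannot ls? And so on. I believe that after reading this article you will understand.

These are mainly study notes; please point out any shortcomings.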
CentOS 5.4

    [testc@xxx opt]$ uname -a
    Linux xxx 2.6.18-164.el5xen #1 SMP Thu Sep 3 04:47:32 EDT 2009 i686 i686 i386 GNU/Linux
I. Password file

1. Format

The storage file is /etc/passwd, in the following format:

    root:x:0:0:root:/root:/bin/bash
    aaa:x:501:501:bj, bj, 8111111,136000111:/home/aaa:/bin/bash

    username:encrypted password:user ID:group ID:comment:working directory:shell

The first line is the default form. The comment field can be modified freely, with items separated by commas, as in the second line; this is mainly so that the finger command can parse it.

You can modify the file with vi /etc/passwd, but to keep its format correct, please edit it with the vipw command.

    sh-3.2# finger aaa
    Login: aaa                              Name: bj
    Directory: /home/aaa                    Shell: /bin/bash
    Office: bj, 8111111                     Home Phone: 136000111
    Never logged in.
    No mail.
    No Plan.
2. Programming example

    /* getpwnam_pwuid.c */
    #include <stdio.h>
    #include <sys/types.h>
    #include <pwd.h>

    int main(void)
    {
        /* Look up the passwd entry by UID; getpwnam() does the same lookup by name. */
        //struct passwd *pwd = getpwnam("aaa");
        struct passwd *pwd = getpwuid(501);
        if (pwd == NULL)
        {
            printf("err.\n");
            return 1;
        }

        /* Print every field of the /etc/passwd record. */
        printf("name:%s\n", pwd->pw_name);
        printf("passwd:%s\n", pwd->pw_passwd);
        printf("description:%s\n", pwd->pw_gecos);
        printf("uid:%d\n", (int)pwd->pw_uid);
        printf("gid:%d\n", (int)pwd->pw_gid);
        printf("dir:%s\n", pwd->pw_dir);
        printf("shell:%s\n", pwd->pw_shell);

        return 0;
    }

    sh-3.2# gcc getpwnam_pwuid.c -o app
    sh-3.2# ./app
    name:aaa
    passwd:x
    description:bj, bj, 8111111,136000111
    uid:501
    gid:501
    dir:/home/aaa
    shell:/bin/bash
II. Group file

1. Format

The storage file is /etc/group, in the following format:

    root:x:0:root
    bin:x:1:root,bin,daemon
    aaa:x:501:

    group name:encrypted password:group ID:the user names it refers to
2. Changing a file's uid and gid

    sh-3.2# pwd
    /root/study
    sh-3.2# ls -al
    -rw-r--r-- 1 root root 397 10-11 03:23 test.c

chgrp changes the owning group ID; of course, only root privileges can make this change.

    sh-3.2# chgrp aaa test.c
    sh-3.2# ls -al
    -rw-r--r-- 1 root aaa 397 10-11 03:23 test.c

This aaa is the new group name. It is in /etc/group, and you can add it yourself with adduser aaa.

    sh-3.2# cat /etc/group
    root:x:0:root
    bin:x:1:root,bin,daemon
    daemon:x:2:root,bin,daemon
    ...
    gdm:x:42:
    sabayon:x:86:
    plmtest:x:500:
    aaa:x:501:

chown changes the user ID or group ID.

    sh-3.2# chown aaa:aaa test.c
    sh-3.2# ls -al
    -rw-r--r-- 1 aaa aaa 397 10-11 03:23 test.c
3. Programming example

    /* getgrnam.c */
    #include <stdio.h>
    #include <grp.h>

    int main(int argc, char *argv[])
    {
        /* The group name to look up is the first command-line argument. */
        if (argv[1] == NULL)
        {
            printf("input error.\n");
            return 1;
        }

        struct group *gp = getgrnam(argv[1]);
        if (gp == NULL)
        {
            printf("err.\n");
            return 1;
        }

        printf("name:%s\n", gp->gr_name);
        printf("psswd:%s\n", gp->gr_passwd);
        printf("gid:%d\n", (int)gp->gr_gid);

        /* gr_mem is a NULL-terminated array of member user names. */
        int i;
        for (i = 0; gp->gr_mem[i] != NULL; i++)
        {
            printf("group name:%s\n", gp->gr_mem[i]);
        }

        return 0;
    }
    sh-3.2# gcc getgrnam.c -o app
    sh-3.2# ./app bin
    name:bin
    psswd:x
    gid:1
    group name:root
    group name:bin
    group name:daemon

4. File permissions (not covered in detail)

    sh-3.2# ls -al
    总计 483984
    drwxr-x--- 13 root root 4096 02-22 00:01 .
    drwxr-xr-x 32 root root 4096 02-21 21:15 ..
    -rw-r--r-- 1 root root 464023491 10-25 22:33 3.3.005-080425.tgz
    -rw------- 1 root root 9346 02-21 23:16 .bash_history
    -rw-r--r-- 1 root root 24 2007-01-06 .bash_logout
    -rw-r--r-- 1 root root 191 2007-01-06 .bash_profile
    -rw-r--r-- 1 root root 176 2007-01-06 .bashrc
    drwxrwxrwx 10 1000 users 4096 08-23 20:16 cflow-1.3
    -rw-r--r-- 1 root root 759691 08-23 20:13 cflow.tar.gz
    -rw-r--r-- 1 root root 100 2007-01-06 .cshrc
    -rwxr-xr-x 1 root root 582 11-11 21:48 delete_M.sh
    -rw-r--r-- 1 root root 2518 11-11 20:25 .dir_colors

What matters is the leftmost column: drwxr-x---, 10 characters. The leftmost character is the file type: - is the default, a regular file; d: a directory; l: a symbolic link...

Of the 9 that follow, in three groups of 3, they represent respectively the permissions of the owning user (uid); the permissions of the owning group or supplementary group (gid); and the permissions of others.

The three characters are the read, write and execute permissions: read 4, write 2, execute 1.

So chmod 777 test.c raises it to read, write and execute permission.
5. Group permission example

This section demonstrates sharing resources among members of the same group, that is, users with different uids but the same gid sharing the resources of one group.

For convenience, I opened two terminals at the same time.

    "sh-3.2#"             the /bin/sh shell logged in with root privileges
    "[testa@xxx root]"    the shell logged in as user testa

Note: the "users" mentioned below are the users defined in /etc/passwd who log in through a terminal (in this article, the three account names added below).

    sh-3.2# useradd testa
    sh-3.2# useradd testb
    sh-3.2# useradd testc

    sh-3.2# tail -f /etc/passwd -n 4
    sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin
    testa:x:500:500::/home/testa:/bin/bash
    testb:x:501:501::/home/testb:/bin/bash
    testc:x:502:502::/home/testc:/bin/bash

Open another terminal and log in as testa, keeping the earlier terminal open.

    sh-3.2# su testa
    [testa@xxx root]$ id
    uid=500(testa) gid=500(testa) groups=500(testa)

    [testa@xxx home]$ ls -al
    总计 28
    drwxr-xr-x 5 root root 4096 02-21 22:52 .
    drwxr-xr-x 32 root root 4096 02-21 21:15 ..
    drwx------ 3 testa testa 4096 02-21 22:56 testa
    drwx------ 3 testb testb 4096 02-21 22:48 testb
    drwx------ 3 testc testc 4096 02-21 22:52 testc

    [testa@xxx home]$ cd testb
    bash: cd: testb: 权限不够
Through root, change the permissions of the testb directory to 770, so that users whose current uid or gid matches all have read, write and execute permission.

    sh-3.2# cd /home/
    sh-3.2# chmod 770 testb

    [testa@xxx home]$ ls -al
    总计 28
    drwxr-xr-x 5 root root 4096 02-21 22:52 .
    drwxr-xr-x 32 root root 4096 02-21 21:15 ..
    drwx------ 3 testa testa 4096 02-21 22:56 testa
    drwxrwx--- 3 testb testb 4096 02-21 22:48 testb (here modify)
    drwx------ 3 testc testc 4096 02-21 22:52 testc

    [testa@xxx home]$ cd testb
    bash: cd: testb: 权限不够
    [testa@xxx root]$ id
    uid=500(testa) gid=500(testa) groups=500(testa)
At this point, although the owning-group permissions of testb have been opened up, user testa has gid=500(testa) groups=500(testa); it does not yet belong to the testb group.

Next, change testa's gid to testb (or add testb to its supplementary groups).

    sh-3.2# usermod -G testb testa    (add supplementary group testb for user testa)

    sh-3.2# id testa
    uid=500(testa) gid=500(testa) groups=500(testa),501(testb)

Now the testa terminal needs to log in again for the change just made to take effect.

    [testa@xxx root]$ exit
    exit
    [root@xxx ~]# su testa
    [testa@xxx root]$ id
    uid=500(testa) gid=500(testa) groups=500(testa),501(testb)

    [testa@xxx root]$ cd /home/
    [testa@xxx home]$ ls -al
    总计 28
    drwxr-xr-x 5 root root 4096 02-21 22:52 .
    drwxr-xr-x 32 root root 4096 02-21 21:15 ..
    drwx------ 3 testa testa 4096 02-21 22:56 testa
    drwxrwx--- 3 testb testb 4096 02-21 22:48 testb
    drwx------ 3 testc testc 4096 02-21 22:52 testc
    [testa@xxx home]$ cd testb
    [testa@xxx testb]$ pwd
    /home/testb
The above added supplementary group testb to user testa, giving it access to resources that belong to the testb group.

Next, use newgrp to switch user testa's gid.

    [testa@xxx testb]$ id
    uid=500(testa) gid=500(testa) groups=500(testa),501(testb)

    [testa@xxx testb]$ newgrp testb
    [testa@xxx testb]$ id
    uid=500(testa) gid=501(testb) groups=500(testa),501(testb)

At this point user testa's gid has been changed to 501(testb).

The relationships between groups are in the file /etc/group.

    sh-3.2# tail -f /etc/group -n 4
    sabayon:x:86:
    testa:x:500:
    testb:x:501:testa    (last column: the list of users in the group. That is, group testb contains testa, and testa belongs to group testb; that is roughly the idea...)
    testc:x:502:

Although we know the file that controls group relationships, this file must not be modified directly, otherwise running newgrp produces a "抱歉" ("Sorry") error message.

Of course, the root user's privileges are unrestricted; no permission check is needed when it accesses files.
III. Related system calls

    getuid();
    getgid();
    int setuid(uid_t uid);
    int setgid(gid_t gid);

Only the superuser, or a caller whose current uid is the same as the uid to be set, can set it; otherwise -1 is returned and errno is set to EPERM. errno can be translated with strerror().

Other:

    [testa@xxx home]$ su testa
    [testa@xxx home]$ sudo touch aa
    testa is not in the sudoers file. This incident will be reported.

With root privileges, vim /etc/sudoers and add:

    testa ALL=(ALL) ALL

References: APUE2E, 1.8, 4.4, 8.11
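Added example, not part of the original answer: a C sketch of the owner/group/other selection that the testa/testb walkthrough above exercises. The struct cred record, the may_access name and the sample IDs are assumptions made for this illustration; it goes slightly beyond the post by also covering the case where the owner class is weaker than the group class.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

enum { WANT_X = 1, WANT_W = 2, WANT_R = 4 };   /* same values as chmod digits */

struct cred {                 /* hypothetical record, not a kernel structure */
    uid_t uid;
    gid_t gid;                /* primary group */
    const gid_t *groups;      /* supplementary groups */
    size_t ngroups;
};

static bool in_group(const struct cred *c, gid_t g)
{
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == g)
            return true;
    return c->gid == g;
}

/* Select exactly one class (owner, group, other) and test only its 3 bits. */
bool may_access(const struct cred *c, uid_t owner, gid_t group,
                mode_t mode, int want)
{
    int bits;
    if (c->uid == 0)          /* root bypass as the post describes; simplified: */
        return true;          /* real kernels still want an x bit to exec a file */
    if (c->uid == owner)
        bits = (mode >> 6) & 7;       /* owner class wins even if it is weaker */
    else if (in_group(c, group))
        bits = (mode >> 3) & 7;
    else
        bits = mode & 7;
    return (bits & want) == want;
}

/* Constructed sample data mirroring the post: testa = 500, testb = 501. */
static const gid_t testb_gid[] = { 501 };
static const struct cred testa_before = { 500, 500, NULL, 0 };
static const struct cred testa_after = { 500, 500, testb_gid, 1 };

int main(void)
{
    /* cd /home/testb (mode 0770, owner and group testb) needs the x bit. */
    printf("before usermod: %d\n", may_access(&testa_before, 501, 501, 0770, WANT_X));
    printf("after usermod:  %d\n", may_access(&testa_after, 501, 501, 0770, WANT_X));
    return 0;
}
```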
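Note: answers are recommended by users and are for reference only.
Answer 1, 2012-11-06
On Linux, file permissions are divided into four parts: drwxrwxrwx
d means this is a directory; that is one part. Sometimes the first part may also be l (l denotes a symbolic link), or there may be none, which is shown as "-".
The second part is the owner's permissions: r: 4 (read); w: 2 (write); x: 1 (execute). rwx means the owner has all permissions. The third and fourth parts mean the same thing, but the third part is for the owning group and the fourth part is for others. Got it?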
Answer 2, 2012-11-06
The answer above is very detailed.
Answer 3, 2012-11-06
rwx 421