Jhe*_*hod 4 permissions command-line root su
每当我尝试跑步时
su
Password:
然后它显示错误
setgid: Operation not permitted
我使用更改权限后出现此问题 chown
的输出ls -lsa /bin/su是:
40 -rwxrwxr-x 1 jheel root 40128 May 17 2017 /bin/su
Yar*_*ron 12
正确的权限/bin/su应该是:-rwsr-xr-x
-rwsr-xr-x 1 root root 40128 May 17 2017 /bin/su*
为了解决这个特定问题,您应该:
这可以使用:
sudo chown root:root /bin/su
sudo chmod 4755 /bin/su
root.s位设置为/bin/su命令。问:为什么执行chown上/bin/su还去掉了set-user-id/set-group-id位?
答:按设计执行chown可能会删除set-user-id/set-group-id位。当设置这些位时,执行此类文件将导致以二进制文件的所有者身份运行该文件,而不是以执行该文件的进程的所有者身份运行该文件。在不删除该set-user-id位的情况下更改文件所有者(或组)将导致文件将以与最初计划的不同用户身份执行,这可能会导致安全漏洞。
一些参考:
Run Code Online (Sandbox Code Playgroud)Unless chown is invoked by a process with appropriate privileges, the set-user-ID and set-group-ID bits of a regular file shall be成功完成后清除;可以清除其他文件类型的 set-user-ID 和 set-group-ID 位。
Ubuntuchown手册页建议运行info coreutils 'chown invocation'以获得完整的文档chown
13.1 ‘chown’: Change file owner and group
=========================================
‘chown’ changes the user and/or group ownership of each given FILE to
NEW-OWNER or to the user and group of an existing reference file.
Synopsis:
....
The ‘chown’ command sometimes clears the set-user-ID or set-group-ID
permission bits. This behavior depends on the policy and functionality
of the underlying ‘chown’ system call, which may make system-dependent
file mode modifications outside the control of the ‘chown’ command. For
example, the ‘chown’ command might not affect those bits when invoked by
a user with appropriate privileges, or when the bits signify some
function other than executable permission (e.g., mandatory locking).
When in doubt, check the underlying system behavior.