seb*_*elk 8 bash options privileges
我已经使用 bash 多年,但我一直坚持使用可以使用 set 命令配置的“特权模式”。
例如:
set -p
我已经阅读了 bash 手册页,但它有点晦涩。
例如,让我们考虑以下脚本
#! /bin/bash -p
ping 192.168.1.1
该文件的权限如下:
-rwxr-xr-x。1 根操作员 80 三月 2 23:20 /scripts/privileged.sh
然后以非 root 用户身份运行 /scripts/privileged.sh
所以我运行:
ps -Cping -ocomm,egroup,euser,ruser,ruser,rgroup
COMMAND EGROUP EUSER RUSER RUSER RGROUP
ping operador operador operador operador operador
好的,您可以更改模式,但无论如何 Linux 都会放弃特权:
[root@server ~]# chmod 4755 /scripts/privileged.sh
[root@server ~]# ls -l /scripts/privileged.sh
-rwsr-xr-x. 1 root operador 79 mar 2 23:33 /scripts/privileged.sh
所以我以非 root 用户身份运行脚本,然后我得到:
[root@server ~]# ps -Cping -ocomm,egroup,euser,ruser,ruser,rgroup
COMMAND EGROUP EUSER RUSER RUSER RGROUP
ping operador operador operador operador operador
所以我发现这个选项没用,如果我误解了什么,请你纠正我吗?
从bash信息页面:
'-p'
Run Code Online (Sandbox Code Playgroud)Turn on privileged mode. In this mode, the `$BASH_ENV' and `$ENV' files are not processed, shell functions are not inherited from the environment, and the `SHELLOPTS', `BASHOPTS', `CDPATH' and `GLOBIGNORE' variables, if they appear in the environment, are ignored. If the shell is started with the effective user (group) id not equal to the real user (group) id, and the `-p' option is not supplied, these actions are taken and the effective user id is set to the real user id. If the `-p' option is supplied at startup, the effective user id is not reset. Turning this option off causes the effective user and group ids to be set to the real user and group ids.
这表示该-p选项让 bash 保留它启动时使用的有效用户 ID,而没有它,它会将有效 uid 设置为实际 uid(您的用户)。这将允许 setuid 位有效地允许 bash 保留它的 setuid 用户。您会注意到,使用该-p选项,大量文件和变量将被忽略,而不是从父 shell 继承。