Everybody is good! I am Sean!
I haven’t seen it for a long time. Today I will talk about how to temporarily obtain root permission for our program.
preface
First, familiarize yourself with two concepts: permission bits and users.
Permission bit
Linux divides the users who access files into three categories: the owner (U), the group (G) (that is, the group to which the file belongs), and others (O). And for three different user identities, it specifies whether they have read (R), write (W) and execute (x) permissions on files.
The user
Linux users are classified into super users (uid= 0), common users (uid=[500, 60000]), and system users (uid=[1, 499]). Super users have the ability to operate everything. System users are built-in users that are required for the proper functioning of the Linux system and are typically used for administrative services. System users, such as bin, daemon, and LP, cannot be used to log in. A common user is created to enable the user to use Linux system resources. The account created by a user is a common account.
so
For security reasons, the program is required to run as a common user in Linux system. Of course, some companies directly run the program with root, it is not impossible, but the root permission is too large, can do anything, such as one day accidentally write a script:
rm -rf *
Copy the code
Perhaps some important data to delete, or even directly to their own system to break down, such a situation, no matter for the company or personal loss is huge.
There are two ways to temporarily obtain superuser rights
Method 1: Sudo
This method is for shell command or shell script, program through sudo call script to achieve temporary root permission effect, we can use:
sudo hello_world.sh
Copy the code
/etc/sudoers /sudoers /sudoers /sudoers /sudoers /sudoers /sudoers /sudoers /sudoers
sudo /opt/Sean/hello_world.sh
Copy the code
(A follow-up article will cover sudoers configuration in detail.)
Method 2: Setuid
Before we say setuid, there is a special permission bit that must be mentioned. This is the key to achieve temporary root permission.
S rights
S permission: Sets the permissions of the file owner during the execution phase, which is equivalent to temporarily owning the identity of the file owner. A typical file is passwd. If a regular user executes this file, it can gain root privileges during execution, allowing you to change the user’s password. You can run the following command to set the S permission:
Chmod 4755 hello_world or chmod u+s hello_worldCopy the code
Without further ado, show the code
#include <iostream> #include <string> #include <unistd.h> using namespace std; int main() { uid_t uid = getuid(); cout << "try to change: uid{" << getuid() << "} euid{" << geteuid() << "}" << endl; If (setuid(0)) {cout << "change failed: uid{" << getuid() << "} euid{" << geteuid() <<"}" << endl; return -1; } cout << "change success: uid{" << getuid() << "} euid{" << geteuid() <<"}" << endl; // do what you want to do by root setuid(uid); if(getuid() == uid) { cout << "change back: uid{" << getuid() << "} euid{" << geteuid() <<"}" << endl; } return 0; }Copy the code
Running effect
[sean@CentOS code]$ g++ main.cpp [sean@CentOS code]$ ll total 20 -rwxr-xr-x 1 sean sean 9104 Dec 31 10:50 test ---------- 1 sean sean 670 Dec 31 10:17 main.cpp [sean@CentOS code]$ ./test try to change: uid{1001} euid{1001} change failed: Uid {1001} euid{1001} # If you do not have the correct permissions, setuID will fail. [sean@CentOS code]$su - root [root@CentOS code]# chown root:root test [root@CentOS code]# chmod 4755 test [root@CentOS code]# ll total 20 -rwsr-xr-x 1 root root 9104 Dec 31 10:50 test ---------- 1 sean sean 670 Dec 31 10:17 [sean@CentOS code]$./test try to change: uid{1001} euid{0} change success: Uid {0} euid{0} #uid=0Copy the code
Because the purpose is to temporarily obtain root privileges, so be sure to restore the original user identity after you have done the desired task. Otherwise, when you run the ps command to view the process, you will find that the user is root, which may cause security risks.
These are the two ways to temporarily obtain root privileges in Linux.
That’s all for today! Thank you for reading! If this article is helpful, please give it a thumbs up