< Day Day Up > |
10.9. setuid ScriptsWhoever runs a setuid program temporarily (as long as he or she is running the setuid program) becomes the owner of that program and has the same permissions as the owner. The passwd program is a good example of a setuid program. When you change your password, you temporarily become root , but only during the execution of the passwd program. That is why you are able to change your password in the /etc/passwd (or /etc/shadow ) file, which normally is off-limits to regular users. Shell programs can be written as setuid programs. You might want to do this if you have a script that is accessing a file containing information that should not be accessible to regular users, such as salary or other personal information. If the script is a setuid script, the person running the script can have access to the data, but it is still restricted from others. A setuid program requires the following steps:
|
< Day Day Up > |