Configuring Linux startup scripts && setuid & setgid
Source: Internet  Editor: 程序博客网  Time: 2024/05/17 02:01
Method 1:
Edit the file /etc/rc.local:
sudo vi /etc/rc.local
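Add the script you want to run, or write the commands directly in rc.local. Pay attention to whether the shebang of rc.local is #!/bin/bash or #!/bin/sh, because this affects how the commands are executed: on some systems sh points to dash rather than bash.
To make the system default bash instead of dash: sudo dpkg-reconfigure dash
#!/bin/bash
# This script is executed at the end of each multiuser runlevel
export MY_ENV_VAR=/home/guowei/robot # add commands
/path/to/my/script.sh # or add the script you want to run
exit 0
e.g. script.sh contains the following (it is best to include a shebang):
#!/bin/bash
service xxx restart # no sudo needed
chmod 777 xxx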
Method 2:
Create a script in the /etc/init.d directory, e.g. myscript:
sudo vi /etc/init.d/myscript # any name will do
Add the commands you want to run:
#!/bin/sh
export MY_ENV_VAR=/home/guowei/robot # add commands
/path/to/my/script.sh # add the script you want to run
Make it executable:
chmod ugo+x /etc/init.d/myscript # or chmod 777 /etc/init.d/myscript
Enable it at boot:
sudo update-rc.d myscript defaults
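Or create the symlink manually:
sudo ln -s /etc/init.d/myscript /etc/rcX.d/S99myscript # rc only runs links named S<NN>name or K<NN>name; 99 is an example sequence number
where X is your runlevel. The current runlevel can be checked with who -r (usually the symlink is created for all runlevels). About runlevels: 0 is halt, 1 is single-user mode, 6 is reboot, and 2-5 are the normal login runlevels.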
Method 3:
Add an Upstart job. Steps:
Create the file myjob.conf:
sudo vi /etc/init/myjob.conf
with the following content:
description "my job"
start on startup
task
exec /path/to/my/script.sh
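Everything configured by Methods 1 to 3 runs as root at boot, so a boot script that non-root users can modify (which is what chmod 777 produces), or a script it calls from a user-writable location, hands those users root on the next restart. The following check is an added example, not part of the original post; the function names and the EXPECTED_UID variable are assumptions of this sketch, and it relies on GNU stat and grep.

```shell
#!/bin/sh
# Added example (not from the original post): audit a boot-time script.
# EXPECTED_UID is an assumed knob of this sketch; 0 (root) on a real system.
EXPECTED_UID="${EXPECTED_UID:-0}"

# check_file PATH: print one finding per problem; return 1 if any was found.
check_file() {
    f=$1
    bad=0
    mode=$(stat -c '%a' "$f") || return 2    # GNU stat: octal mode, e.g. 755
    owner=$(stat -c '%u' "$f")
    if [ "$owner" != "$EXPECTED_UID" ]; then
        echo "OWNER $f uid=$owner"
        bad=1
    fi
    # A write bit for group (020) or other (002) lets a non-root user change
    # what init executes as root on the next boot.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "WRITABLE $f mode=$mode"
        bad=1
    fi
    return $bad
}

# audit_boot_script PATH: check the script itself and every absolute path it
# mentions that exists as a regular file (such as /path/to/my/script.sh).
# Paths containing whitespace are not handled.
audit_boot_script() {
    rc=0
    check_file "$1" || rc=1
    refs=$(sed 's/#.*//' "$1" |
        grep -oE '(^|[[:space:]=])/[^[:space:];&|]+' |
        sed 's/^[[:space:]=]*//' | sort -u)
    for ref in $refs; do
        [ -f "$ref" ] || continue
        check_file "$ref" || rc=1
    done
    return $rc
}

# Usage on a real host (as root):
#   for s in /etc/rc.local /etc/init.d/* /etc/init/*.conf; do
#       [ -f "$s" ] && audit_boot_script "$s"
#   done
```

A WRITABLE or OWNER line for a file referenced from rc.local, an init.d script or an Upstart job means the boot path crosses a file that someone other than root controls.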
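About setuid and setgid
File ownership: owner & group
File attributes: besides the rwx bits there are the setuid & setgid attributes (s), which behave differently for executable files and for directories.
ls -l
drwxr-xr-x 2 root root 4096 5月 26 01:34 aa
drwxrwsr-x 4 guowei root 4096 5月 26 01:39 bb # owner is guowei, group is root; s denotes the setuid & setgid attribute, d a directory, rwx read-write-execute
Changing file ownership:
sudo chown root ./bb # change the owner
sudo chown :guowei ./aa # change the group
ls -l
drwxr-xr-x 2 root guowei 4096 5月 26 01:34 aa
drwxrwsr-x 4 root root 4096 5月 26 01:39 bb # root root
Changing attributes:
Set setuid on an executable so that other users run it with the privileges of the file's owner (or setgid, to run it with the privileges of the file's group):
sudo chmod +s ./myapp # sets both UID & GID; if the file's owner (or group) is root, other users can run the program with root privileges without sudo
# or
sudo chmod u+s ./myapp # set UID only
Set setgid on a directory so that new files and directories created in it inherit the directory's group rather than the creating user's group:
sudo chmod +s ./bb # set UID & GID
# or
sudo chmod g+s ./bb # set GID only
ls -l
drwxr-xr-x 2 guowei root 4096 5月 26 01:34 aa # no setgid
drwxrwsr-x 4 guowei root 4096 5月 26 01:39 bb # has setgid
mkdir -p aa/aa2
mkdir -p bb/bb2
ls -l aa
drwxrwxr-x 2 guowei guowei 4096 5月 26 01:58 aa2 # group is guowei
ls -l bb
drwxrwsr-x 2 guowei root 4096 5月 26 01:58 bb2 # group is root, not guowei, and setgid is inherited
How can a program be run with root privileges while logged in as a normal user?
1. setuid & setgid on executable files: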
SUID (Set User ID upon execution): when an executable file has been given the setuid attribute, normal users on the system who have permission to execute this file gain the privileges of the user who owns the file (commonly root) within the created process.
SGID (Set Group ID upon execution) is a special type of file permission given to a file or folder. Normally in Linux/Unix, when a program runs, it inherits access permissions from the logged-in user. SGID temporarily gives the user running a program the permissions of the file's group, as if the user were a member of that group while executing the file. In simple words, users get the file group's permissions when executing a folder/file/program/command.
SGID is similar to SUID. The difference is that SUID assumes the permissions of the file's owner, while SGID assumes the permissions of the file's group, instead of those inherited from the logged-in user.
setuid lets a normal user run the file with the same privileges as its owner (executable programs only; for security reasons bash scripts cannot be setuid, see "Setuid shebang"). If the file's owner is root, the user can run the program without sudo, as follows:
sudo chown root ./myapp # myapp is owned by root
# chmod accepts ugoa (owner, group, other, all); the default is a (all users)
sudo chmod +s ./myapp # set user or group ID on execution (s); to undo: chmod -s
So, the setuid and setgid bits are normally set with the command chmod by setting the high-order octal digit to 4 for setuid or 2 for setgid. “chmod 6711 file” will set both the setuid and setgid bits (4+2=6), making the file read/write/executable for the owner (7), and executable by the group (first 1) and others (second 1). When a user other than the owner executes the file, the process will run with user and group permissions set upon it by its owner. For example, if the file is owned by user root and group wheel, it will run as root:wheel no matter who executes the file.
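The high-order octal digit described above (4 for setuid, 2 for setgid) can be read back from a file's mode to inventory which programs under a directory run with their owner's or group's identity, and to spot scripts where the bit was set even though it has no effect. This is an added example, not part of the original post; the function names special_bits and audit_special are hypothetical, and it assumes GNU find and stat.

```shell
#!/bin/sh
# Added example (not from the original post): inventory setuid/setgid files.

# special_bits FILE: decode the high-order octal digit of the mode
# (4 = setuid, 2 = setgid) and print suid, sgid, suid+sgid or none.
special_bits() {
    m=$(stat -c '%a' "$1") || return 2      # GNU stat, e.g. 6711
    case $(( (0$m >> 9) & 6 )) in
        6) echo "suid+sgid" ;;
        4) echo "suid" ;;
        2) echo "sgid" ;;
        *) echo "none" ;;
    esac
}

# audit_special DIR: one line per setuid/setgid regular file below DIR:
#   <bits> <octal mode> <owner>:<group> <note> <path>
audit_special() {
    find "$1" -xdev -type f -perm /6000 2>/dev/null | sort |
    while IFS= read -r p; do
        note=ok
        # Linux ignores setuid/setgid on "#!" scripts, so the bit there is a
        # mistake rather than a working privilege grant.
        if [ "$(head -c 2 "$p" 2>/dev/null)" = '#!' ]; then
            note=script-bit-ignored
        fi
        # Group- or world-writable files that carry these bits deserve review.
        if [ $(( 0$(stat -c '%a' "$p") & 022 )) -ne 0 ]; then
            note=writable-by-non-owner
        fi
        echo "$(special_bits "$p") $(stat -c '%a %U:%G' "$p") $note $p"
    done
}

# Usage: audit_special /usr/local    (compare the output against a known baseline)
```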
2. setuid & setgid on directories:
The setuid and setgid flags, when set on a directory, have an entirely different meaning.
Setting the setgid permission on a directory (“chmod g+s”) causes new files and subdirectories created within it to inherit its group ID, rather than the primary group ID of the user who created the file (the owner ID is never affected, only the group ID). Newly created subdirectories inherit the setgid bit (a directory created inside such a subdirectory again inherits the same gid). Thus, this enables a shared workspace for a group without the inconvenience of requiring group members to explicitly change their current group before creating new files or directories. Note that setting the setgid permission on a directory only affects the group ID of new files and subdirectories created after the setgid bit is set, and is not applied to existing entities. Setting the setgid bit on existing subdirectories must be done manually, with a command such as the following:
root@foo# find /path/to/directory -type d -exec chmod g+s '{}' \;
ref link: http://www.linuxnix.com/suid-set-suid-linuxunix/