Problem description
I am running this small Python script on both Linux and Solaris as an unprivileged user:

    #!/usr/bin/python
    import os
    print 'uid,euid =',os.getuid(),os.geteuid()

Before running, the setuid bit is set on the script (not on the Python interpreter):

    chown root:myusergrp getuid.py
    chmod 4750 getuid.py

On Solaris, the effective uid is set because of the setuid bit:

    uid,euid = 10002 0

But not on Linux:

    uid,euid = 10002 10002

Note the Python version is 2.6 for both Solaris and Linux.

Is it possible to have Python on Linux working as Python on Solaris?
Most Unix distributions normally don't allow you to use setuid on a file that uses a #! interpreter. Solaris happens to be one that allows it due to its use of a more secure implementation than most other distributions.
See this FAQ entry for more background about why the mechanism is so dangerous: How can I get setuid shell scripts to work?
See this link for more discussion and how to compile a setuid executable that will run your script: setuid on shell scripts
The pertinent part:
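    #include <stdlib.h>   /* system() */
    #include <unistd.h>   /* setuid() */

    int main(void)
    {
        if (setuid(0) != 0)   /* fails unless the binary is setuid root */
            return 1;
        system("/path/to/script.sh");
        return 0;
    }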
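A hardened variant of the wrapper above, added here as an example and not part of the original answer: it replaces `system()` with `execve()` on a fixed interpreter and script, passes a fixed environment, and refuses a script that is not root-owned or that group/other can write. The paths and the names `script_is_trusted` and `clean_env` are assumptions for illustration; the check also assumes every directory leading to the script is root-owned and not writable by others.

```c
#define _XOPEN_SOURCE 700   /* expose setuid(), execve(), S_IF* in strict modes */
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Placeholder paths (assumed), fixed at compile time so the caller cannot choose them. */
#define INTERP "/usr/bin/python"
#define SCRIPT "/path/to/getuid.py"

/* Fixed environment: nothing inherited from the unprivileged caller. */
static char *const clean_env[] = { "PATH=/usr/bin:/bin", "LANG=C", NULL };

/* Accept only a regular file owned by root that group/other cannot write. */
int script_is_trusted(const struct stat *st)
{
    return S_ISREG(st->st_mode)
        && st->st_uid == 0
        && (st->st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

int main(void)
{
    struct stat st;

    /* Racy if an untrusted user can rename or replace SCRIPT between
       stat() and execve(); hence the root-owned directory assumption. */
    if (stat(SCRIPT, &st) != 0 || !script_is_trusted(&st)) {
        fprintf(stderr, "refusing to run %s\n", SCRIPT);
        return 1;
    }
    /* Set real and effective uid to root; fails if the binary is not setuid root. */
    if (setuid(0) != 0) {
        perror("setuid");
        return 1;
    }
    /* No shell, no caller-supplied arguments, no caller-supplied environment. */
    char *const argv[] = { INTERP, SCRIPT, NULL };
    execve(INTERP, argv, clean_env);
    perror("execve");   /* reached only if execve() failed */
    return 1;
}
```

With this wrapper the setuid bit goes on the compiled binary (`chown root:myusergrp`, `chmod 4750`), and the script itself needs no setuid bit.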