Setuid to switch to the new pid.
Using the setpgid() and setuid() system calls
This is especially a problem for setuid/setgid programs.
Adam Shostack has posted a copy of the setuid(7) man page.
Call setuid(2) or a related system call to change its userid.
An especially important case is any program that is "setuid" or "setgid."
After the bind, it can step down (using setuid) to run as the instance user.
Start as root, either by authenticating as root or executing a setuid root binary.
From the Linux man pages: setuid sets the effective user id of the current process.
In another window, as non-root, execute the ping binary without the setuid bit set.
A setuid process, such as launching top, runs with the privileges of the user who owns the file.
The file effective set will be full on if the process's effective uid is root or the file is setuid root.
Call prctl(2) to set PR_SET_KEEPCAPS, which asks the system to let it keep its capabilities across setuid(2).
This set of rules allows a process to have capabilities either by virtue of being root or by running a setuid root file.
Other uses such as setuid will be covered in the article Manage file permissions and ownership (see the series roadmap).
Using prctl(3), a process can request keeping its capabilities across its next setuid(2) call. This means that a process can.
Prior to this command, you needed to work with Role-Based Access Control (RBAC) to help remedy the problem of setuid and setgid programs.
The file inheritable and permitted sets will be full on if the process's real or effective uid is 0 (root) or the file is setuid root.
Nevertheless, file capabilities applied judiciously to system binaries in place of making them setuid root can help protect your systems.
One common approach is to create a command-line tool with special privileges (such as being setuid or setgid) that has an extremely limited function.
Where possible, try to avoid creating setuid or setgid programs at all, because it's very difficult to make sure that you're really protecting all inputs.
But a significant contributing factor is that Sendmail is often installed as a monolithic "setuid root" program, with complete control over the system it runs on.
For example, a program that needs a single root privilege may get started as root (say, by being setuid root) and then switch to running as a less-privileged user.
Normally, processes run as the user and groups of their user, but a "setuid" or "setgid" program picks up the privileges of the user or group that owns the program.
On top of this, distributions sometimes apply their own patches, which can make it impossible to replace the root setuid bit with file capabilities in some situations.
The quickest way to check whether at could be made to run by a non-root user without being setuid root is to remove the setuid bit and then grant it all capabilities.
The UNIX passwd command is an example; it's a command-line tool with special privileges to change the password (setuid root), but the only thing it can do is change passwords.
An exception to this inheritance rule, where a process might acquire greater privileges than its owner, is an application with the special setuid or setgid bit enabled, as shown by ls.
While certainly it is possible to change the source code to make at usable with file capabilities, the setuid bit cannot be substituted by simply assigning file capabilities on Fedora.