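<p>setuid doesn't work that way. When root demotes itself, it is designed not to be able to regain root. Once you've given up root (in this context), it's gone.</p>
<p>If you use setuid as root, you can't go back.</p>
<p>I'm assuming os.setuid is a thin proxy through to the C-level call. From the <a href="http://linux.die.net/man/2/setuid" rel="nofollow noreferrer">man</a> page:</p>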
<blockquote>
<p>If the user is root or the program is set-user-ID-root, special care must be taken. The setuid() function checks the effective user ID of the caller and if it is the superuser, all process-related user ID's are set to uid. After this has occurred, it is impossible for the program to regain root privileges.</p>
</blockquote>
<hr/>
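<p>As to <em>why</em> root can't be regained, consider a typical usage. Imagine an Apache server that drops to <code>www</code> (or some sort of non-privileged user) to handle actual requests. If you could regain root, a Python script (or PHP/Perl/CGI/etc.) could regain root and wreak absolute havoc.</p>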
<hr/>
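<p>As for a solution, you can use seteuid instead (os.seteuid, once again a simple proxy through to the C-level <a href="http://linux.die.net/man/2/seteuid" rel="nofollow noreferrer">seteuid</a>). The Python documentation on setuid and seteuid looks pretty bad, but there is plenty of documentation on the system calls.</p>
<p>As for the security of temporarily dropping root and regaining it... you need to be very careful. If malicious code gets a chance to get root, you're screwed. For this reason, it's best to fork into a child process (as user4815162342 suggested). The child process will not be able to regain root. More information on the concerns can be found <a href="https://stackoverflow.com/questions/8968387/is-it-flawed-to-use-seteuid-to-drop-root-privilege-temporarily">here</a>. More information on the general weirdness of setuid is <a href="https://stackoverflow.com/questions/8499296/realuid-saved-uid-effective-uid-whats-going-on">here</a>.</p>
<p>The idea is to set the effective user ID with seteuid and spawn a new process. Because of the way exec works, the effective user ID will be copied to the saved UID of the new process. Since the saved UID is no longer root, root cannot be changed back. More fun documentation can be found <a href="http://linux.die.net/man/2/execve" rel="nofollow noreferrer">here</a>.</p>
<p>The most relevant part:</p>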
<blockquote>
<p>If the set-user-ID bit is set on the program file pointed to by filename, and the underlying file system is not mounted nosuid (the MS_NOSUID flag for mount(2)), and the calling process is not being ptraced, then the effective user ID of the calling process is changed to that of the owner of the program file. Similarly, when the set-group-ID bit of the program file is set the effective group ID of the calling process is set to the group of the program file.</p>
<p>The effective user ID of the process is copied to the saved set-user-ID; similarly, the effective group ID is copied to the saved set-group-ID. This copying takes place after any effective ID changes that occur because of the set-user-ID and set-group-ID permission bits.</p>
</blockquote>
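<p>An added example, not part of the original answer: a simplified model of the Linux rules quoted above that tracks the real, effective and saved UIDs through setuid, seteuid and exec, so you can check which sequences leave a path back to root. It also tracks the real UID, which neither seteuid nor exec changes. The <code>model_*</code> functions, <code>Creds</code> and the sample UID 33 are assumptions of this example, and "privileged" is modelled as effective UID 0 rather than CAP_SETUID.</p>

```python
from dataclasses import dataclass, replace

ROOT, WWW = 0, 33  # WWW is a constructed sample UID for an unprivileged user

@dataclass(frozen=True)
class Creds:
    ruid: int  # real UID
    euid: int  # effective UID
    suid: int  # saved set-user-ID

def model_setuid(c, uid):
    # Privileged caller (modelled as euid 0): all three IDs change at once.
    if c.euid == ROOT:
        return Creds(uid, uid, uid)
    # Unprivileged caller: only euid changes, and only to the real or saved UID.
    if uid in (c.ruid, c.suid):
        return replace(c, euid=uid)
    raise PermissionError("EPERM")

def model_seteuid(c, uid):
    # Only the effective UID changes; the real and saved UIDs are kept.
    if c.euid == ROOT or uid in (c.ruid, c.euid, c.suid):
        return replace(c, euid=uid)
    raise PermissionError("EPERM")

def model_execve(c, setuid_owner=None):
    # A set-user-ID file changes euid first; then euid is copied to the saved UID.
    euid = c.euid if setuid_owner is None else setuid_owner
    return Creds(c.ruid, euid, euid)

def can_regain_root(c):
    try:
        return model_seteuid(c, ROOT).euid == ROOT
    except PermissionError:
        return False

def scenarios():
    start = Creds(ROOT, ROOT, ROOT)
    return {
        "setuid": model_setuid(start, WWW),
        "seteuid": model_seteuid(start, WWW),
        "seteuid+exec": model_execve(model_seteuid(start, WWW)),
        "child setuid+exec": model_execve(model_setuid(start, WWW)),
    }

if __name__ == "__main__":
    for name, c in scenarios().items():
        print(f"{name:18} {c}  regain root: {can_regain_root(c)}")
```

<p>In this model a process that only calls seteuid before exec still has real UID 0, so the child should call setuid (after setgid and setgroups) before exec, and can confirm the result with <code>os.getresuid()</code>.</p>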