{"id":22434,"date":"2013-05-13T11:56:48","date_gmt":"2013-05-13T06:26:48","guid":{"rendered":"http:\/\/vskills.in\/certification\/tutorial\/?p=22434"},"modified":"2024-04-12T14:16:55","modified_gmt":"2024-04-12T08:46:55","slug":"setuid-ps-df-ulimit-and-chroot","status":"publish","type":"page","link":"https:\/\/www.vskills.in\/certification\/tutorial\/setuid-ps-df-ulimit-and-chroot\/","title":{"rendered":"SetUID, ps, df, ulimit and chroot"},"content":{"rendered":"<p>A few common utilities help in managing security in Linux.<\/p>\n<p><strong>SetUID<\/strong><\/p>\n<p>Three special types of permissions are available for executable files and public directories. When these permissions are set, any user who runs that executable file assumes the user ID of the owner (or group) of the executable file.<\/p>\n<p>You must be extremely careful when you set special permissions, because special permissions constitute a security risk. For example, a user can gain superuser privileges by executing a program that sets the user ID (UID) to root. Also, all users can set special permissions for files they own, which constitutes another security concern.<\/p>\n<p>setuid and setgid (short for &#8220;set user ID upon execution&#8221; and &#8220;set group ID upon execution&#8221;, respectively)[1] are Unix access rights flags that allow users to run an executable with the permissions of the executable&#8217;s owner or group respectively and to change behaviour in directories. They are often used to allow users on a computer system to run programs with temporarily elevated privileges in order to perform a specific task. 
While the assumed user id or group id privileges provided are not always elevated, at a minimum they are specific.<\/p>\n<p>setuid and setgid are needed for tasks that require higher privileges than those which common users have, such as changing their login password.<\/p>\n<p>When set-user identification (setuid) permission is set on an executable file, a process that runs this file is granted access based on the owner of the file (usually root), rather than the user who is running the executable file. This special permission allows a user to access files and directories that are normally only available to the owner. For example, the setuid permission on the passwd command makes it possible for a user to change passwords, assuming the permissions of the root ID:<\/p>\n<p>-r-sr-sr-x\u00a0\u00a0 3 root\u00a0\u00a0\u00a0\u00a0 sys\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 104580 Sep 16 12:02 \/usr\/bin\/passwd<\/p>\n<p>This special permission presents a security risk, because some determined users can find a way to maintain the permissions that are granted to them by the setuid process even after the process has finished executing.<\/p>\n<p>The use of setuid permissions with the reserved UIDs (0\u2013100) from a program might not set the effective UID correctly. Use a shell script instead or avoid using the reserved UIDs with setuid permissions.<\/p>\n<p><strong>ps<\/strong><\/p>\n<p>ps displays information about a selection of the active processes. It captures a snapshot of the system state at a single point in time. If you want repeated updates in real time, use the top command instead. 
ps supports three styles of option syntax:<\/p>\n<ul>\n<li>UNIX style, which may be grouped and must be preceded by a dash<\/li>\n<li>BSD style, which may be grouped and must not be used with a dash<\/li>\n<li>GNU long options, which are preceded by two dashes<\/li>\n<\/ul>\n<p>By default, ps selects all processes with the same effective user ID (EUID) as the current user and associated with the same terminal as the invoker. It displays the process ID (PID), the terminal associated with the process (TTY), the cumulated CPU time in [dd-]hh:mm:ss format (TIME), and the executable name (CMD). Output is unsorted by default.<\/p>\n<p>Options<\/p>\n<ul>\n<li>-A Select all processes. Identical to -e.<\/li>\n<li>-N Select all processes except those that fulfill the specified conditions. (negates the selection) Identical to --deselect.<\/li>\n<li>T Select all processes associated with this terminal. Identical to the t option without any argument.<\/li>\n<li>-a Select all processes except session leaders and processes not associated with a terminal.<\/li>\n<li>-d Select all processes except session leaders.<\/li>\n<li>-e Select all processes. Identical to -A.<\/li>\n<li>-f Do full-format listing.<\/li>\n<li>g Really all, even session leaders. This flag is obsolete and may be discontinued in a future release. It is normally implied by the a flag, and is only useful when operating in the sunos4 personality.<\/li>\n<li>-p pidlist Select by PID. This selects the processes whose process ID numbers appear in pidlist. Identical to p and --pid.<\/li>\n<li>r Restrict the selection to only running processes.<\/li>\n<li>U userlist Select by effective user ID (EUID) or name. This selects the processes whose effective user name or ID is in userlist. The effective user ID describes the user whose file access permissions are used by the process. 
Identical to -u and --user.<\/li>\n<li>x Lift the BSD-style &#8220;must have a tty&#8221; restriction, which is imposed upon the set of all processes when some BSD-style (without &#8220;-&#8221;) options are used or when the ps personality setting is BSD-like. The set of processes selected in this manner is in addition to the set of processes selected by other means. An alternate description is that this option causes ps to list all processes owned by you (same EUID as ps), or to list all processes when used together with the a option.<\/li>\n<li>--deselect Select all processes except those that fulfill the specified conditions. (negates the selection) Identical to -N.<\/li>\n<\/ul>\n<p>A common use would be to list all processes currently running. To do this you would use the ps -ef command. (Screen output from this command is too large to include; the following is only a partial output.)<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-17317 aligncenter\" src=\"http:\/\/www.vskills.in\/lms\/wp-content\/uploads\/2016\/05\/setuid-ps-df-ulimit-and-chroot.jpg\" alt=\"setuid-ps-df-ulimit-and-chroot\" width=\"816\" height=\"644\" \/><\/p>\n<p>The first column shows who owns the process. The second column is the process ID. The third column is the parent process ID. This is the process that generated, or started, the process. The fourth column is the CPU usage (in percent). The fifth column is the start time, or date if the process has been running long enough. The sixth column is the tty associated with the process, if applicable. The seventh column is the cumulative CPU usage (total amount of CPU time it has used while running). 
The eighth column is the command itself.<\/p>\n<p>Examples<\/p>\n<p><u>Display all processes<\/u> &#8211; The following commands will give a full list of processes:<\/p>\n<p>$ ps ax<\/p>\n<p>$ ps -ef<\/p>\n<p><u>Display process by user<\/u> &#8211; To filter the processes by the owning user use the &#8220;-u&#8221; option followed by the username. Multiple usernames can be provided separated by a comma.<\/p>\n<p>$ ps -f -u www-data<\/p>\n<p><u>Show process by name or process id<\/u> &#8211; To search the processes by their name or command use the &#8220;-C&#8221; option followed by the search term.<\/p>\n<p>$ ps -C apache2<\/p>\n<p><u>Sort process by cpu or memory usage<\/u> &#8211; System administrators often want to find processes that are consuming lots of memory or CPU. The sort option will sort the process list based on a particular field or parameter.<\/p>\n<p>Multiple fields can be specified with the &#8220;--sort&#8221; option separated by a comma. Additionally the fields can be prefixed with a &#8220;-&#8221; or &#8220;+&#8221; symbol indicating descending or ascending sort respectively. There are lots of parameters on which the process list can be sorted. Check the man page for the complete list.<\/p>\n<p>$ ps aux --sort=-pcpu,+pmem<\/p>\n<p><u>Display process hierarchy in a tree style<\/u> &#8211; Many processes are actually forked out of some parent process, and knowing this parent-child relationship is often helpful. The '--forest' option will construct an ASCII art style tree view of the process hierarchy.<\/p>\n<p>$ ps -f --forest -C apache2<\/p>\n<p><u>Display child processes of a parent process<\/u> &#8211; Here is an example of finding all forked apache processes.<\/p>\n<p>$ ps -o pid,uname,comm -C apache2<\/p>\n<p><u>Display threads of a process<\/u> &#8211; The &#8220;-L&#8221; option will display the threads along with the processes. It can be used to display all threads of a particular process or all processes. 
The following command displays all the threads owned by the process with id 3150.<\/p>\n<p>$ ps -p 3150 -L<\/p>\n<p><u>Change the columns to display<\/u> &#8211; The ps command can be configured to show a selected list of columns only. There are a large number of columns to show and the full list is available in the man pages. The following command shows only the pid, username, cpu, memory and command columns.<\/p>\n<p>$ ps -e -o pid,uname,pcpu,pmem,comm<\/p>\n<p><u>Display elapsed time of processes<\/u> &#8211; The elapsed time indicates how long the process has been running. The column for elapsed time is not shown by default, and has to be brought in using the &#8220;-o&#8221; option.<\/p>\n<p>$ ps -e -o pid,comm,etime<\/p>\n<p><u>Turn ps into a real-time process viewer<\/u> &#8211; As usual, the watch command can be used to turn ps into a real-time process reporter. A simple example:<\/p>\n<p>$ watch -n 1 'ps -e -o pid,uname,cmd,pmem,pcpu --sort=-pmem,-pcpu | head -15'<\/p>\n<p><strong>df<\/strong><\/p>\n<p>df (abbreviation for disk free) is used to display the amount of available disk space for file systems on which the invoking user has appropriate read access. df is implemented using the statfs or statvfs system calls. If an argument is the absolute file name of a disk device node containing a mounted file system, df shows the space available on that file system rather than on the file system containing the device node (which is always the root file system). 
This version of df cannot show the space available on unmounted file systems, because on most kinds of systems doing so requires very nonportable intimate knowledge of file system structures.<\/p>\n<p>The specifications for df are:<\/p>\n<p>df [-k] [-P|-t] [-del] [file&#8230;]<\/p>\n<table>\n<thead>\n<tr>\n<td width=\"177\">Options<\/td>\n<td width=\"461\">Description<\/td>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td width=\"177\">-a, --all<\/td>\n<td width=\"461\">include dummy file systems<\/td>\n<\/tr>\n<tr>\n<td width=\"177\">-B, --block-size=SIZE<\/td>\n<td width=\"461\">use SIZE-byte blocks<\/td>\n<\/tr>\n<tr>\n<td width=\"177\">-h, --human-readable<\/td>\n<td width=\"461\">print sizes in human readable format (e.g., 1K 234M 2G) or display in KB, MB, or GB<\/td>\n<\/tr>\n<tr>\n<td width=\"177\">-H, --si<\/td>\n<td width=\"461\">likewise, but use powers of 1000 not 1024<\/td>\n<\/tr>\n<tr>\n<td width=\"177\">-i, --inodes<\/td>\n<td width=\"461\">list inode information instead of block usage<\/td>\n<\/tr>\n<tr>\n<td width=\"177\">-k<\/td>\n<td width=\"461\">like --block-size=1K. 
Use 1024-byte units, instead of the default 512-byte units, when writing space figures.<\/td>\n<\/tr>\n<tr>\n<td width=\"177\">-l, --local<\/td>\n<td width=\"461\">limit listing to local file systems<\/td>\n<\/tr>\n<tr>\n<td width=\"177\">--no-sync<\/td>\n<td width=\"461\">do not invoke sync before getting usage info (default)<\/td>\n<\/tr>\n<tr>\n<td width=\"177\">-P, --portability<\/td>\n<td width=\"461\">use the POSIX output format (a standard, portable output format)<\/td>\n<\/tr>\n<tr>\n<td width=\"177\">--sync<\/td>\n<td width=\"461\">invoke sync before getting usage info<\/td>\n<\/tr>\n<tr>\n<td width=\"177\">-t, --type=TYPE<\/td>\n<td width=\"461\">limit listing to file systems of type TYPE<\/td>\n<\/tr>\n<tr>\n<td width=\"177\">-T, --print-type<\/td>\n<td width=\"461\">print file system type<\/td>\n<\/tr>\n<tr>\n<td width=\"177\">-x, --exclude-type=TYPE<\/td>\n<td width=\"461\">limit listing to file systems not of type TYPE<\/td>\n<\/tr>\n<tr>\n<td width=\"177\">--help<\/td>\n<td width=\"461\">display this help and exit<\/td>\n<\/tr>\n<tr>\n<td width=\"177\">--version<\/td>\n<td width=\"461\">output version information and exit<\/td>\n<\/tr>\n<tr>\n<td width=\"177\">file<\/td>\n<td width=\"461\">Write the amount of free space of the file system containing the specified file<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Most Unix and Unix-like operating systems add extra options. The BSD and GNU coreutils versions include -h, where free space is listed in human readable format, adding units with the appropriate SI prefix (e.g. 10MB), -i, listing inode usage, and -l, restricting display to only local filesystems. 
GNU df includes -T as well, listing filesystem type information, but GNU df shows the sizes in 1K blocks by default.<\/p>\n<p>The Single Unix Specification (SUS) specifies that by default space is reported in blocks of 512 bytes, and that the output includes, at a minimum, the file system names and the amount of free space.<\/p>\n<p>The use of 512-byte units is historical practice and maintains compatibility with ls and other utilities. This does not mandate that the file system itself be based on 512-byte blocks. The -k option was added as a compromise measure. It was agreed by the standard developers that 512 bytes was the best default unit because of its complete historical consistency on System V (versus the mixed 512\/1024-byte usage on BSD systems), and that a -k option to switch to 1024-byte units was a good compromise. Users who prefer the more logical 1024-byte quantity can easily alias df to df -k without breaking many historical scripts relying on the 512-byte units.<\/p>\n<p>The output with -P shall consist of one line of information for each specified file system. 
These lines shall be formatted as follows:<\/p>\n<p>&lt;fs name&gt; &lt;total space&gt; &lt;space used&gt; &lt;space free&gt; &lt;percentage used&gt; &lt;fs root&gt;<\/p>\n<p>Examples<\/p>\n<p>df &#8211; Display all file systems and their disk usage, as in the following output:<\/p>\n<p>Filesystem\u00a0\u00a0\u00a0\u00a0 1K-blocks\u00a0\u00a0\u00a0\u00a0 Used Available Use% Mounted on<\/p>\n<p>\/dev\/loop0\u00a0\u00a0\u00a0\u00a0 18761008 15246876\u00a0\u00a0 2554440 86% \/<\/p>\n<p>none\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 4\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 4\u00a0\u00a0 0% \/sys\/fs\/cgroup<\/p>\n<p>udev\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 493812\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 4\u00a0\u00a0 493808\u00a0\u00a0 1% \/dev<\/p>\n<p>tmpfs\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 100672\u00a0\u00a0\u00a0\u00a0 1364\u00a0\u00a0\u00a0\u00a0 99308\u00a0\u00a0 2% \/run<\/p>\n<p>none\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 5120\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0\u00a0\u00a0\u00a0\u00a0 5120\u00a0\u00a0 0% \/run\/lock<\/p>\n<p>none\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 503352\u00a0\u00a0\u00a0\u00a0 1764\u00a0\u00a0 501588\u00a0\u00a0 1% \/run\/shm<\/p>\n<p>none\u00a0\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0102400\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 20\u00a0\u00a0 102380\u00a0\u00a0 1% \/run\/user<\/p>\n<p>\/dev\/sda3\u00a0\u00a0\u00a0\u00a0 174766076 164417964 10348112 95% \/host<\/p>\n<p>df -h &#8211; Same as above, but use &#8220;human readable&#8221; formatting, as in the following example:<\/p>\n<p>Filesystem\u00a0\u00a0\u00a0\u00a0 Size Used Avail Use% Mounted on<\/p>\n<p>\/dev\/loop0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 
18G\u00a0\u00a0 15G 2.5G 86% \/<\/p>\n<p>none\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 4.0K\u00a0\u00a0\u00a0\u00a0 0 4.0K\u00a0\u00a0 0% \/sys\/fs\/cgroup<\/p>\n<p>udev\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 483M 4.0K 483M\u00a0\u00a0 1% \/dev<\/p>\n<p>tmpfs\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 99M 1.4M\u00a0\u00a0 97M\u00a0\u00a0 2% \/run<\/p>\n<p>none\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 5.0M\u00a0\u00a0\u00a0\u00a0 0 5.0M\u00a0\u00a0 0% \/run\/lock<\/p>\n<p>none\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 492M 1.8M 490M\u00a0\u00a0 1% \/run\/shm<\/p>\n<p>none\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 100M\u00a0\u00a0 20K 100M\u00a0\u00a0 1% \/run\/user<\/p>\n<p>\/dev\/sda3\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 167G 157G 9.9G 95% \/host<\/p>\n<p>df public_html &#8211; Display the amount of free space in the public_html directory, as in the following output:<\/p>\n<p>Filesystem\u00a0\u00a0\u00a0\u00a0 1K-blocks\u00a0\u00a0\u00a0\u00a0 Used Available Use% Mounted on<\/p>\n<p>\/dev\/loop0\u00a0\u00a0\u00a0\u00a0 18761008 15246924\u00a0\u00a0 2554392 86% \/<\/p>\n<p><strong>ulimit<\/strong><\/p>\n<p>The ulimit and sysctl programs allow you to limit system-wide resource use. This can help a lot in system administration, e.g. 
when a user starts too many processes and therefore makes the system unresponsive for other users.<\/p>\n<p>Syntax<\/p>\n<p>ulimit [-acdfHlmnpsStuv] [limit]<\/p>\n<p>Options<\/p>\n<table>\n<thead>\n<tr>\n<td width=\"68\">Option<\/td>\n<td width=\"445\">Details<\/td>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td width=\"68\">-S<\/td>\n<td width=\"445\">Change and report the soft limit associated with a resource.<\/td>\n<\/tr>\n<tr>\n<td width=\"68\">-H<\/td>\n<td width=\"445\">Change and report the hard limit associated with a resource.<\/td>\n<\/tr>\n<tr>\n<td width=\"68\">-a<\/td>\n<td width=\"445\">All current limits are reported.<\/td>\n<\/tr>\n<tr>\n<td width=\"68\">-c<\/td>\n<td width=\"445\">The maximum size of core files created.<\/td>\n<\/tr>\n<tr>\n<td width=\"68\">-d<\/td>\n<td width=\"445\">The maximum size of a process&#8217;s data segment.<\/td>\n<\/tr>\n<tr>\n<td width=\"68\">-f<\/td>\n<td width=\"445\">The maximum size of files created by the shell (default option).<\/td>\n<\/tr>\n<tr>\n<td width=\"68\">-l<\/td>\n<td width=\"445\">The maximum size that can be locked into memory.<\/td>\n<\/tr>\n<tr>\n<td width=\"68\">-m<\/td>\n<td width=\"445\">The maximum resident set size.<\/td>\n<\/tr>\n<tr>\n<td width=\"68\">-n<\/td>\n<td width=\"445\">The maximum number of open file descriptors.<\/td>\n<\/tr>\n<tr>\n<td width=\"68\">-p<\/td>\n<td width=\"445\">The pipe buffer size.<\/td>\n<\/tr>\n<tr>\n<td width=\"68\">-s<\/td>\n<td width=\"445\">The maximum stack size.<\/td>\n<\/tr>\n<tr>\n<td width=\"68\">-t<\/td>\n<td width=\"445\">The maximum amount of CPU time in seconds.<\/td>\n<\/tr>\n<tr>\n<td width=\"68\">-u<\/td>\n<td width=\"445\">The maximum number of processes available to a single user.<\/td>\n<\/tr>\n<tr>\n<td width=\"68\">-v<\/td>\n<td width=\"445\">The maximum amount of virtual memory available to the process.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>ulimit provides control over the resources available to the shell and to processes started by it, on systems 
that allow such control. The soft limit is the value that the kernel enforces for the corresponding resource. The hard limit acts as a ceiling for the soft limit.<\/p>\n<p>An unprivileged process may only set its soft limit to a value in the range from 0 up to the hard limit, and (irreversibly) lower its hard limit. A privileged process can make arbitrary changes to either limit value. If limit is given, it is the new value of the specified resource. Otherwise, the current value of the soft limit for the specified resource is printed, unless the -H option is supplied.<\/p>\n<p>When setting new limits, if neither -H nor -S is supplied, both the hard and soft limits are set. Values are in 1024-byte increments, except for -t, which is in seconds, -p, which is in units of 512-byte blocks, and -n and -u, which are unscaled values. The return status is zero unless an invalid option is supplied, a non-numeric argument other than unlimited is supplied as a limit, or an error occurs while setting a new limit.<\/p>\n<p>To see the limits associated with your login, use the command ulimit -a. 
If you&#8217;re using a regular user account, you will likely see something like this:<\/p>\n<p>$ ulimit -a<\/p>\n<p>core file size\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 (blocks, -c) 0<\/p>\n<p>data seg size\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 (kbytes, -d) unlimited<\/p>\n<p>scheduling priority\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 (-e) 0<\/p>\n<p>file size\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 (blocks, -f) unlimited<\/p>\n<p>pending signals\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0(-i) 32767<\/p>\n<p>max locked memory\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 (kbytes, -l) 32<\/p>\n<p>max memory size\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 (kbytes, -m) unlimited<\/p>\n<p>open files\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 (-n) 1024<\/p>\n<p>pipe size\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 (512 bytes, -p) 8<\/p>\n<p>POSIX message queues\u00a0\u00a0\u00a0\u00a0 (bytes, -q) 819200<\/p>\n<p>real-time priority\u00a0\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0(-r) 0<\/p>\n<p>stack size\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 (kbytes, -s) 10240<\/p>\n<p>cpu time\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 (seconds, -t) unlimited<\/p>\n<p>max user processes\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 (-u) 50<\/p>\n<p>virtual memory\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 (kbytes, -v) unlimited<\/p>\n<p>file locks\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 (-x) unlimited<\/p>\n<p>In the above output, you can&#8217;t create core dumps, because your max core file size is 0. 
If a process that you are running aborts, no core file is going to be dropped into your home directory. As long as the core file size is set to zero, core dumps are not allowed. This makes sense for most users since they probably wouldn&#8217;t do anything more with a core dump other than erase it, but if you need a core dump to debug problems you are running into with an application, you might want to set your core file size to unlimited &#8212; and maybe you can.<\/p>\n<p>$ ulimit -c unlimited<\/p>\n<p>$ ulimit -c<\/p>\n<p>unlimited<\/p>\n<p>If you are managing a server and want to turn on the ability to generate core dumps for all of your users (perhaps they&#8217;re developers who really need to be able to analyze these core dumps), you have to switch user to root and edit your \/etc\/security\/limits.conf (Linux) or make changes in your \/etc\/system (Solaris) file.<\/p>\n<p>If, on the other hand, you are managing a server and don&#8217;t want any of your users able to generate core dumps regardless of how much they&#8217;d like to sink their teeth into one, you can set a limit of 0 in your limits.conf.<\/p>\n<p>Example<\/p>\n<p>Limiting the number of processes that an individual can run<\/p>\n<p>$ ulimit -u<\/p>\n<p>50<\/p>\n<p>Limits can also be set up by group so that you can, say, give developers the ability to run more processes than managers. 
Lines like these in your limits.conf file would do that:<\/p>\n<p>@managers\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 hard\u00a0\u00a0 nproc\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 50<\/p>\n<p>@developers\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 hard\u00a0\u00a0 nproc\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 200<\/p>\n<p>If you want to limit the number of open files, you just use a different setting.<\/p>\n<p>@managers\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 hard\u00a0\u00a0 nofile\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 2048<\/p>\n<p>@developers\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 hard\u00a0\u00a0 nofile\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 8192<\/p>\n<p>sbob\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u00a0\u00a0 hard\u00a0\u00a0 nofile 8192<\/p>\n<p>Here we&#8217;ve given two groups and one individual increases in their open files limits. These all set hard limits. If you set soft limits as well, the users will get warnings when they reach the lower limit.<\/p>\n<p>@developers\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 soft\u00a0\u00a0 nofile\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 2048<\/p>\n<p>@developers\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 hard\u00a0\u00a0 nofile\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 8192<\/p>\n<p><strong>chroot<\/strong><\/p>\n<p>Chroot is an operation that changes the apparent root directory for the currently running process and its children. A program that is run in such a modified environment cannot access files and commands outside that environment&#8217;s directory tree. This modified environment is called a chroot jail.<\/p>\n<p>A chroot is basically a special directory on your computer which prevents applications, if run from inside that directory, from accessing files outside the directory. 
In many ways, a chroot is like installing another operating system inside your existing operating system.<\/p>\n<p>Technically speaking, chroot temporarily changes the root directory (which is normally \/) to the chroot directory (for example, \/var\/chroot). As the root directory is the top of the filesystem hierarchy, applications are unable to access directories higher up than the root directory, and so are isolated from the rest of the system. This prevents applications inside the chroot from interfering with files elsewhere on your computer.<\/p>\n<p>chroot runs a command or an interactive shell from another directory, and treats that directory as root. This process is called changing root and the new root directory is referred to as a chroot jail.<\/p>\n<p>Need &#8211; Changing root is commonly done for performing system maintenance on systems where booting and\/or logging in is no longer possible. Common examples are:<\/p>\n<ul>\n<li>Reinstalling the bootloader.<\/li>\n<li>Rebuilding the initramfs image.<\/li>\n<li>Upgrading or downgrading packages.<\/li>\n<li>Resetting a forgotten password.<\/li>\n<li>Isolating insecure and unstable applications.<\/li>\n<li>Running 32-bit applications on 64-bit systems.<\/li>\n<li>Testing new packages before installing them on the production system.<\/li>\n<li>Running older versions of applications on more modern versions of Ubuntu.<\/li>\n<li>Building new packages, allowing careful control over the dependency packages which are installed.<\/li>\n<\/ul>\n<p>Requirements<\/p>\n<ul>\n<li>Root privilege.<\/li>\n<li>Another Linux environment, e.g. a LiveCD or USB flash media, or from another existing Linux distribution.<\/li>\n<li>Matching architecture environments; i.e. the chroot from and chroot to. The architecture of the current environment can be discovered with: uname -m (e.g. 
i686 or x86_64).<\/li>\n<li>Kernel modules loaded that are needed in the chroot environment.<\/li>\n<li>Swap enabled if needed &#8211; # swapon \/dev\/sdxY<\/li>\n<li>Internet connection established if needed.<\/li>\n<\/ul>\n<p>Syntax<\/p>\n<p>chroot [OPTION] NEWROOT [COMMAND [ARG]&#8230;]<\/p>\n<p>chroot runs COMMAND with the root directory set to NEWROOT.<\/p>\n<p>Options<\/p>\n<p>OPTION may be one of the following:<\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"194\">Option<\/td>\n<td width=\"444\">Details<\/td>\n<\/tr>\n<tr>\n<td width=\"194\">--userspec=USER:GROUP<\/td>\n<td width=\"444\">specify the user and group to use. USER and GROUP may be specified by name or numeric ID.<\/td>\n<\/tr>\n<tr>\n<td width=\"194\">--groups=G_LIST<\/td>\n<td width=\"444\">specify supplementary groups as g1,g2,..,gN<\/td>\n<\/tr>\n<tr>\n<td width=\"194\">--help<\/td>\n<td width=\"444\">display a help message, and exit.<\/td>\n<\/tr>\n<tr>\n<td width=\"194\">--version<\/td>\n<td width=\"444\">output version information, and exit.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>If no command is specified, chroot executes the command '${SHELL} -i'. By default, this is '\/bin\/sh -i'. This will drop you into a sh shell as root in the NEWROOT directory.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A few common utilities help in managing security in Linux. SetUID Three special types of permissions are available for executable files and public directories. 
When these permissions are set, any user who runs that executable file assumes the user ID of the owner (or group) of the&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"categories":[291],"tags":[],"class_list":["post-22434","page","type-page","status-publish","hentry","category-linux-administration"],"acf":[]}