2025-04-20 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article explains how Linux gives ordinary users access to root user privileges with sudo. The method introduced here is simple, fast and practical.
Characteristics of sudo
- Restricts users to executing specified commands
- Records each command that the user executes
- The configuration file (/etc/sudoers) provides centralized management of users, permissions, and host parameters
- After the password has been verified, the user does not need to verify it again within 5 minutes (default value)
Hands-on exercise
Environment: Red Hat Enterprise Linux Server release 7.3
1. Test whether ordinary users can delete files created by root users
    [root@localhost ~]# mkdir /test
    [root@localhost ~]# cd /test
    [root@localhost test]# touch test.txt
    [root@localhost test]# mkdir test.dir
    [root@localhost test]# ll
    total 0
    drwxr-xr-x. 2 root root 6 Jul 18 02:19 test.dir
    -rw-r--r--. 1 root root 0 Jul 18 02:19 test.txt
    [root@localhost test]# id test
    uid=1004(test) gid=1005(test) groups=1005(test)
    [root@localhost test]# su - test
    Last login: Thu Jul 18 02:17:11 EDT 2019 on pts/0
    [test@localhost ~]$ cd /test
    [test@localhost test]$ ll
    total 0
    drwxr-xr-x. 2 root root 6 Jul 18 02:19 test.dir
    -rw-r--r--. 1 root root 0 Jul 18 02:19 test.txt
    [test@localhost test]$ rm -rf test.dir/
    rm: cannot remove 'test.dir/': Permission denied
    [test@localhost test]$ rm -rf test.txt
    rm: cannot remove 'test.txt': Permission denied
    [test@localhost test]$ ll
    total 0
    drwxr-xr-x. 2 root root 6 Jul 18 02:19 test.dir
    -rw-r--r--. 1 root root 0 Jul 18 02:19 test.txt
2. Configure sudo with the visudo command
    [root@localhost ~]# visudo
    # In the /etc/sudoers configuration file, add "test ALL=(ALL) ALL" under the line "root ALL=(ALL) ALL"
    [root@localhost ~]# cat /etc/sudoers | grep ALL
    Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
    root ALL=(ALL) ALL
    test ALL=(ALL) ALL
    # %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE DRIVERS
    %wheel ALL=(ALL) ALL
    # %wheel ALL=(ALL) NOPASSWD: ALL
    %wheel ALL=(ALL) NOPASSWD: ALL
    # %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
3. An ordinary user deletes the root user's files with sudo
    [root@localhost ~]# echo "Jaking" | passwd --stdin test
    Changing password for user test.
    passwd: all authentication tokens updated successfully.
    [root@localhost ~]# su - test
    Last login: Thu Jul 18 02:34:50 EDT 2019 on pts/0
    [test@localhost ~]$ cd /test/
    [test@localhost test]$ ll
    total 0
    drwxr-xr-x. 2 root root 6 Jul 18 02:19 test.dir
    -rw-r--r--. 1 root root 0 Jul 18 02:19 test.txt
    [test@localhost test]$ rm -rf test.dir/
    rm: cannot remove 'test.dir/': Permission denied
    [test@localhost test]$ rm -rf test.txt
    rm: cannot remove 'test.txt': Permission denied
    [test@localhost test]$ sudo rm -rf test.dir/
    [sudo] password for test:
    [test@localhost test]$ ll
    total 0
    -rw-r--r--. 1 root root 0 Jul 18 02:19 test.txt
    [test@localhost test]$ sudo rm -rf test.txt
    [test@localhost test]$ ll
    total 0
4. Passwordless sudo configuration
    [test@localhost test]$ sudo cat /etc/shadow
    [sudo] password for test:
    root:$6$YZrm6scxO5zzICbR$fOzORb.0Ib9POZzJmrnzOGDqfFySp8X.9p5QpcpnJXWHIJvZcFpXQONyNigwrZbhXtyfnFn5F1mJsdkXS3jEF/::0:99999:7:::
    bin:*:16925:0:99999:7:::
    daemon:*:16925:0:99999:7:::
    adm:*:16925:0:99999:7:::
    *** some output omitted ***
    [test@localhost test]$ id test2
    uid=1006(test2) gid=1007(test2) groups=1007(test2)
    [root@localhost ~]# visudo
    # In the /etc/sudoers configuration file, add "test ALL=(ALL) NOPASSWD: ALL" under the line "%wheel ALL=(ALL) NOPASSWD: ALL"
    [root@localhost ~]# cat /etc/sudoers | grep NOPASSWD
    # %wheel ALL=(ALL) NOPASSWD: ALL
    %wheel ALL=(ALL) NOPASSWD: ALL
    test ALL=(ALL) NOPASSWD: ALL
    [test@localhost ~]$ sudo cat /etc/shadow    # the user no longer needs to enter the password of the currently logged-in user to view /etc/shadow
    root:$6$YZrm6scxO5zzICbR$fOzORb.0Ib9POZzJmrnzOGDqfFySp8X.9p5QpcpnJXWHIJvZcFpXQONyNigwrZbhXtyfnFn5F1mJsdkXS3jEF/::0:99999:7:::
    bin:*:16925:0:99999:7:::
    daemon:*:16925:0:99999:7:::
    adm:*:16925:0:99999:7:::
    *** some output omitted ***
5. Configure sudo with partial permissions
    [root@localhost ~]# cd /tmp
    [root@localhost tmp]# rm -rf *
    [root@localhost tmp]# ll
    total 0
    [root@localhost tmp]# touch file
    [root@localhost tmp]# mkdir dir
    [root@localhost tmp]# ll
    total 0
    drwxr-xr-x. 2 root root 6 Jul 18 03:01 dir
    -rw-r--r--. 1 root root 0 Jul 18 03:01 file
    [root@localhost tmp]# whereis cat
    cat: /usr/bin/cat /usr/share/man/man1/cat.1.gz
    [root@localhost tmp]# visudo
    # In the /etc/sudoers configuration file, change "test ALL=(ALL) ALL" to "test ALL=(ALL) /usr/bin/cat"
    [root@localhost ~]# cat /etc/sudoers | grep cat
    ## Updating the locate database
    # Defaults specification
    # Preserving HOME has security implications since many programs
    test ALL=(ALL) /usr/bin/cat
    [root@localhost ~]# su - test
    Last login: Thu Jul 18 03:06:55 EDT 2019 on pts/0
    [test@localhost ~]$ sudo cat /etc/shadow    # the test user is configured with view permission
    root:$6$YZrm6scxO5zzICbR$fOzORb.0Ib9POZzJmrnzOGDqfFySp8X.9p5QpcpnJXWHIJvZcFpXQONyNigwrZbhXtyfnFn5F1mJsdkXS3jEF/::0:99999:7:::
    bin:*:16925:0:99999:7:::
    daemon:*:16925:0:99999:7:::
    adm:*:16925:0:99999:7:::
    *** some output omitted ***
    [test@localhost ~]$ cd /tmp
    [test@localhost tmp]$ ll
    total 0
    drwxr-xr-x. 2 root root 6 Jul 18 03:06 dir
    -rw-r--r--. 1 root root 0 Jul 18 03:01 file
    [test@localhost tmp]$ rm -rf dir    # the test user no longer has delete permission
    rm: cannot remove 'dir': Permission denied
    [test@localhost tmp]$ rm -rf file    # the test user has no delete permission
    rm: cannot remove 'file': Permission denied
    [test@localhost tmp]$ ll
    total 0
    drwxr-xr-x. 2 root root 6 Jul 18 03:06 dir
    -rw-r--r--. 1 root root 0 Jul 18 03:01 file

At this point you should have a deeper understanding of how Linux gives ordinary users root user rights. Try it out in practice.
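The rules added in steps 2, 4 and 5 hand very different amounts of root access to the test user, and step 5 shows that a bare /usr/bin/cat rule still allows sudo cat /etc/shadow. The audit script below is an added example, not part of the original article; the function names audit_sudoers and sample_sudoers, the severity labels, the list of file-reading commands and the sample file are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag the kinds of sudoers grants shown in this article.
# Reads a sudoers file named as an argument, or standard input when none is given.
# Prints one finding per line as LEVEL|who|reason.
# Limits (assumed for brevity): aliases and #include files are not expanded.
audit_sudoers() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }              # comments, #include lines, blanks
    $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }     # settings and aliases, not grants
    $1 == "root" || index($0, "=") == 0 { next }    # root itself, or not a user rule
    {
        who = $1
        spec = $0
        sub(/^[^=]*=[ \t]*/, "", spec)              # drop "who host ="
        sub(/^\([^)]*\)[ \t]*/, "", spec)           # drop the (runas) list
        nopass = (spec ~ /NOPASSWD:/)
        gsub(/[A-Z_]+:[ \t]*/, "", spec)            # drop tags such as NOPASSWD:
        n = split(spec, cmds, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) {
            cmd = cmds[i]
            sub(/[ \t]+$/, "", cmd)
            if (cmd == "ALL" && nopass)
                print "HIGH|" who "|any command as root without a password"
            else if (cmd == "ALL")
                print "MEDIUM|" who "|any command as root"
            else if (cmd ~ /^\/(usr\/)?bin\/(cat|head|tail|less|more)$/)
                print "MEDIUM|" who "|" cmd " with no argument list reads any file, including /etc/shadow"
        }
    }' "$@"
}

# Constructed sample that mirrors the rules from steps 2, 4 and 5.
sample_sudoers() {
    cat <<'EOF'
## constructed sample, not taken from a real host
Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE"
root    ALL=(ALL)       ALL
test    ALL=(ALL)       ALL
# %wheel ALL=(ALL) NOPASSWD: ALL
test    ALL=(ALL)       NOPASSWD: ALL
test    ALL=(ALL)       /usr/bin/cat
%users  ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
EOF
}

sample_sudoers | audit_sudoers
```

To audit a real host, run audit_sudoers /etc/sudoers as root, and check any edited file with visudo -c before relying on it.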