Shulou(Shulou.com)06/02 Report--

What happens when sudo users run into VI/VIM? (sudo+vi/vim=root)

An accidental personal experience, so write it down to remind yourself that there is nothing small, and keep everything (always) in mind. Vi/vim is all too familiar, maybe we use it every day, but sometimes it is easy to overlook something. When we use VIM to modify the system configuration, we discover the little secret hidden by sudo and VI/VIM after meeting each other.

In general, the installation and configuration of the server often manages the respective users, and it is rare to use ROOT users directly for server security, but sometimes in order to raise the need for permissions, the usual practice is to configure sudo users, which is convenient and fast. Especially for system class configuration files, we need to use ROOT user rights to operate. Because we have created sudo users, we can use sudo plus corresponding commands for operation, which greatly facilitates our management.

What we discuss and show today is that when we promote the rights of sudo users, we must be scientific, comprehensive review, careful again, a little omission may cause great security risks or accidents.

The following shows what can happen after the configuration sudo and VI/VIM errors meet.

Directly configuring sudo users without any restrictions is equivalent to directly building N ROOT users with no difference.

Let's see when using sudo and VI/VIM: (login test with user jerry first)

First use the ID command to check the current users and groups

Then try sudo vi cuocuocuo.txt.

After entering the VI editor, press SHIFT: then enter sh and enter enter

Let's take a look at what happened:

Isn't this the ROOT user? reconfirm.

Hard: you can use ROOT permissions directly without a ROOT password.

You can also look directly at the catalogue that you can't read (you know ROOT for other operations):

It is the same for other users to log in and follow this step, so it will not be demonstrated here.

If there is another case of misallocation or omission in the allocation of permissions, in short, sudo and VI/VIM will meet normally.

For some reason, VIM is not prohibited by mistake: (using VIM this time) assume that the original system does not have VIM, but other users have YUM and other installation rights, and then install it.

Also jerrry users:

Execute: sudo vim cuocuocuo.txt enter jerry user password

Also enter the VIM editor and press SHIFT: then enter sh and enter enter

Observe the changes:

Switched to ROOT user

Sudo+vi/vim=root

Safety is no small matter, always keep in mind

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.