Shulou (Shulou.com) 06/01 Report. Updated 2025-01-16, from SLTechnology News&Howtos.
This article explains in detail how to create a Linux account with specified, limited permissions by using restricted bash (rbash).
In day-to-day operations work, it is sometimes necessary to give non-operations staff a system account so they can query logs or code while troubleshooting. For system security, and to avoid accidental misoperation, the permissions of such an account are usually reduced to a minimum. The following is a record of creating an account with specified permissions through restricted bash on Linux:
    [root@mq-server ~]# ln -s /bin/bash /bin/rbash
    [root@mq-server ~]# useradd -s /bin/rbash wangshibo
    [root@mq-server ~]# passwd wangshibo
    [root@mq-server ~]# mkdir /home/wangshibo/bin
    [root@mq-server ~]# chown root. /home/wangshibo/.bash_profile
    [root@mq-server ~]# chmod <mode> /home/wangshibo/.bash_profile    # <mode> is a placeholder: no value is given here; use one that keeps the file non-writable by wangshibo
    [root@mq-server ~]# vim /home/wangshibo/.bash_profile    # replace the original content with the following

    # .bash_profile

    # Get the aliases and functions
    if [ -f ~/.bashrc ]; then
        . ~/.bashrc
    fi

    # User specific environment and startup programs
    PATH=$HOME/bin
    export PATH

    [root@mq-server ~]# ln -s /bin/cat /home/wangshibo/bin/cat
    [root@mq-server ~]# ll /home/wangshibo/
    total 4
    drwxr-xr-x 2 root root 4096 Nov 25 23:38 bin
    [root@mq-server ~]# ll /home/wangshibo/bin/
    total 0
    lrwxrwxrwx 1 root root 8 Nov 25 23:12 cat -> /bin/cat
With the setup above, the files created under the wangshibo user's home directory are owned by root.root. Only the cat command has been made available to the wangshibo user, and it can only be used to view files under that user's home directory, /home/wangshibo. No command other than cat can be run:
    [wangshibo@mq-server ~]$ cat /var/log/messages
    cat: /var/log/messages: Permission denied
    [wangshibo@mq-server ~]$ ls
    -rbash: /home/wangshibo/bin/ls: No such file or directory
    [wangshibo@mq-server ~]$ touch test
    -rbash: /home/wangshibo/bin/touch: No such file or directory
To let the user run other commands in the home directory, add symbolic links to those commands in the /home/wangshibo/bin directory (the which command shows the full path of a command's binary):
    [root@mq-server ~]# ln -s /bin/ls /home/wangshibo/bin
    [root@mq-server ~]# ln -s /bin/touch /home/wangshibo/bin
    [root@mq-server ~]# ln -s /bin/mkdir /home/wangshibo/bin
    [root@mq-server ~]# ln -s /usr/bin/vim /home/wangshibo/bin/
    [root@mq-server ~]# ll /home/wangshibo/bin/
    total 0
    lrwxrwxrwx 1 root root  8 Nov 25 23:12 cat -> /bin/cat
    lrwxrwxrwx 1 root root  7 Nov 25 23:44 ls -> /bin/ls
    lrwxrwxrwx 1 root root 10 Nov 25 23:45 mkdir -> /bin/mkdir
    lrwxrwxrwx 1 root root 10 Nov 25 23:44 touch -> /bin/touch
    lrwxrwxrwx 1 root root 12 Nov 25 23:45 vim -> /usr/bin/vim
The wangshibo user can now run the commands added above:
    [root@mq-server ~]# su - wangshibo
    [wangshibo@mq-server ~]$ ls
    bin
    [wangshibo@mq-server ~]$ touch test
    [wangshibo@mq-server ~]$ mkdir ops
    [wangshibo@mq-server ~]$ vim test
    [wangshibo@mq-server ~]$ cat test
    dsfdsafsadf
    [wangshibo@mq-server ~]$ rm -f test
    -rbash: rm: command not found
    [wangshibo@mq-server ~]$ ls /usr/
    bin etc games include lib lib64 libexec local sbin share src tmp
    [wangshibo@mq-server ~]$ cat /var/log/messages
    cat: /var/log/messages: Permission denied
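The layout built above (a root-owned .bash_profile that pins PATH to $HOME/bin, with the symlinks in that directory acting as the list of allowed commands) can be checked with a short script. This is an added example, not part of the original article; the function name audit_rbash_home, the RISKY_CMDS list and the finding labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the article): audit a restricted account's home.
# audit_rbash_home HOME_DIR [OWNER] prints findings; non-zero status if any.
# OWNER defaults to root. Names and the RISKY_CMDS list are assumptions.

# Programs that can start other programs; linking one widens the allow-list.
RISKY_CMDS="vi vim view ed nano emacs less more man awk find env python python3 perl ruby sh bash ssh"

# True when path $1 itself is owned by user $2.
owned_by() { [ -n "$(find "$1" -prune -user "$2" 2>/dev/null)" ]; }
# True when path $1 is writable by group or others.
loose_mode() { [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; }

audit_rbash_home() (
    home=$1; owner=${2:-root}; bin=$home/bin; profile=$home/.bash_profile; bad=0
    report() { printf '%s\n' "$1"; bad=1; }

    # .bash_profile pins PATH, so the restricted user must not be able to edit it.
    if [ -f "$profile" ]; then
        owned_by "$profile" "$owner" || report "OWNER $profile: not owned by $owner"
        loose_mode "$profile" && report "MODE $profile: group/other writable"
        grep -Eq '^[[:space:]]*PATH=\$HOME/bin[[:space:]]*$' "$profile" ||
            report "PATH $profile: does not set PATH=\$HOME/bin"
    else
        report "MISSING $profile"
    fi

    # $HOME/bin is the allow-list: whoever can write to it can add commands.
    if [ -d "$bin" ]; then
        owned_by "$bin" "$owner" || report "OWNER $bin: not owned by $owner"
        loose_mode "$bin" && report "MODE $bin: group/other writable"
    else
        report "MISSING $bin"
    fi

    for entry in "$bin"/*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue   # empty or absent directory
        name=${entry##*/}
        [ -L "$entry" ] || report "NOTLINK $entry: not a symlink"
        [ -e "$entry" ] || report "DANGLING $entry: target does not exist"
        case " $RISKY_CMDS " in
            *" $name "*) report "RISKY $entry: $name can start other programs" ;;
        esac
    done
    [ "$bad" -eq 0 ]
)
```

Source the file and run `audit_rbash_home /home/wangshibo` as root. Of the links created in this article, vim is the kind of entry the RISKY check reports, because an editor can launch other programs and is therefore not limited by PATH in the way cat or ls are.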