Running a program with root privileges as a normal Linux user, without entering a password
(2013-06-24 14:04:50)
On Fedora Core 8, a normal user without root privileges can run "shutdown", "poweroff" or "reboot". We can take this as an example of how to let another program run with root's power.
The original configuration of /usr/bin/system-config-date (only root can adjust the date and time) and /usr/bin/poweroff (anyone can power off):
[yufei@localhost ~]$ ll /usr/bin/poweroff
lrwxrwxrwx 1 root root 13 2007-11-28 05:41 /usr/bin/poweroff -> consolehelper
[yufei@localhost ~]$ ll /usr/bin/system-config-date
lrwxrwxrwx 1 root root 13 2007-11-28 06:06 /usr/bin/system-config-date -> consolehelper
[root@localhost]~# cat /etc/security/console.apps/poweroff
FALLBACK=true
[root@localhost]~# cat /etc/security/console.apps/system-config-date
USER=root
PROGRAM=/usr/share/system-config-date/system-config-date.py
SESSION=true
[root@localhost]~# cat /etc/pam.d/poweroff
#%PAM-1.0
auth       sufficient   pam_rootok.so
auth       required     pam_console.so
#auth       include      system-auth
account    required     pam_permit.so
[root@localhost]~# cat /etc/pam.d/system-config-date
#%PAM-1.0
auth       include      config-util
account    include      config-util
session    include      config-util
Now we give "system-config-date" the power of root.
First, back up the system-config-date configuration files:
[root@localhost]~# cp /etc/pam.d/system-config-date /root/
[root@localhost]~# cp /etc/security/console.apps/system-config-date /root/system-config-date2
OK, now we copy the "power" of /usr/bin/poweroff to /usr/bin/system-config-date:
[root@localhost]~# cp /etc/pam.d/poweroff /etc/pam.d/system-config-date
[root@localhost]~# cp /etc/security/console.apps/poweroff /etc/security/console.apps/system-config-date
Check the contents of the configuration files:
[root@localhost]~# cat /etc/pam.d/system-config-date
#%PAM-1.0
auth       sufficient   pam_rootok.so
auth       required     pam_console.so
#auth       include      system-auth
account    required     pam_permit.so
[root@localhost]~# cat /etc/security/console.apps/system-config-date
FALLBACK=true
Try to launch /usr/bin/system-config-date as a normal user (yufei):
[yufei@localhost ~]$ system-config-date
It failed, because the location of system-config-date is NULL. Add it:
[root@localhost]~# vim /etc/security/console.apps/system-config-date
[yufei@localhost ~]$ cat /etc/security/console.apps/system-config-date
FALLBACK=true
PROGRAM=/usr/share/system-config-date/system-config-date.py
Try again:
[yufei@localhost ~]$ system-config-date
No protocol specified
Text mode interface is deprecated
We can now use "/usr/bin/system-config-date" without root's password, but only in text mode.
Now we append the following lines to /etc/pam.d/system-config-date:
[root@localhost]~# vim /etc/pam.d/system-config-date
[yufei@localhost ~]$ cat /etc/pam.d/system-config-date
#%PAM-1.0
auth       sufficient   pam_rootok.so
auth       required     pam_console.so
#auth       include      system-auth
account    required     pam_permit.so
session    include      config-util
auth       include      config-util
account    include      config-util
The result: with the following lines present, you have to enter root's password. So we edit them out and try again.
auth       include      config-util
auth       include      system-auth
[root@localhost]~# vim /etc/pam.d/system-config-date
[yufei@localhost ~]$ cat /etc/pam.d/system-config-date
#%PAM-1.0
auth       sufficient   pam_rootok.so
auth       required     pam_console.so
#auth       include      system-auth
account    required     pam_permit.so
session    include      config-util
#auth       include      config-util
#account    include      config-util
Try to restart /usr/bin/system-config-date:
[yufei@localhost ~]$ system-config-date
No protocol specified
Text mode interface is deprecated
Still no GUI.
Now add the following line to /etc/security/console.apps/system-config-date:
SESSION=true
[root@localhost]~# vim /etc/security/console.apps/system-config-date
[yufei@localhost ~]$ cat /etc/security/console.apps/system-config-date
FALLBACK=true
PROGRAM=/usr/share/system-config-date/system-config-date.py
SESSION=true
Try again. OK, it starts successfully without root's password.
Extra: the final contents of the two configuration files for "system-config-date":
[root@localhost]~# cat /etc/security/console.apps/system-config-date
FALLBACK=true
PROGRAM=/usr/share/system-config-date/system-config-date.py
SESSION=true
[root@localhost]~# cat /etc/pam.d/system-config-date
#%PAM-1.0
auth       sufficient   pam_rootok.so
auth       required     pam_console.so
#auth       include      system-auth
account    required     pam_permit.so
session    include      config-util
#auth       include      config-util
#account    include      config-util
[root@localhost]~#
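To audit a host for the state this walkthrough ends in, the following added example (not part of the original post) flags a consolehelper PAM service whose active auth rules are only pam_rootok/pam_console/pam_permit, meaning the wrapped program starts without a password prompt. The function names are hypothetical, only simple control values are handled, and an "include" is treated as a possible prompt rather than resolved.

```python
import os

# Modules that decide without prompting: root check, console-owner check, always-allow.
NO_PROMPT = {"pam_rootok.so", "pam_console.so", "pam_permit.so"}
GRANTS = NO_PROMPT - {"pam_rootok.so"}  # these can let a non-root caller through

# The two states of /etc/pam.d/system-config-date shown on this page.
ORIGINAL_PAM = """#%PAM-1.0
auth       include      config-util
account    include      config-util
session    include      config-util
"""
MODIFIED_PAM = """#%PAM-1.0
auth       sufficient   pam_rootok.so
auth       required     pam_console.so
#auth       include      system-auth
account    required     pam_permit.so
session    include      config-util
#auth       include      config-util
#account    include      config-util
"""

def active_auth(pam_text):
    """Return (control, module) for every uncommented auth rule."""
    rules = []
    for line in pam_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0].lstrip("-") == "auth":
            rules.append((fields[1], os.path.basename(fields[2])))
    return rules

def password_free(pam_text):
    """Heuristic: every active auth rule is a no-prompt module and at least
    one of them can admit a non-root caller. Includes count as possible prompts."""
    modules = [module for _, module in active_auth(pam_text)]
    return any(m in GRANTS for m in modules) and all(m in NO_PROMPT for m in modules)

def scan(pam_dir="/etc/pam.d", apps_dir="/etc/security/console.apps"):
    """Names of consolehelper-wrapped programs whose PAM service passes the check."""
    hits = []
    for name in sorted(os.listdir(apps_dir) if os.path.isdir(apps_dir) else []):
        pam_path = os.path.join(pam_dir, name)
        if os.path.isfile(pam_path):
            with open(pam_path, encoding="utf-8", errors="replace") as fh:
                if password_free(fh.read()):
                    hits.append(name)
    return hits

if __name__ == "__main__":
    print("original:", password_free(ORIGINAL_PAM), "modified:", password_free(MODIFIED_PAM))
    print("password-free wrappers on this host:", scan())
```

Entries such as poweroff are expected to appear in the output; anything else on the list deserves a comparison against the packaged version of its PAM file.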