Linux users meet many commands every day, but do you fully understand them and how they relate to one another? Here we explain one of them, the Linux su command, so that you become familiar with how it works and how to secure it.
First, let's look at how the man page describes it: "su - run a shell with substitute user and group IDs". That is to say, through su we can start a shell that runs under another user's and group's IDs. su is a binary executable file, and the path of the command file is /bin/su. The following commands query the type and path of the su file:
Example 1:
- islab$ which su
- /bin/su
Example 2:
- islab$ file /bin/su
- /bin/su: setuid ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), for GNU/Linux 2.6.9, stripped
Example 3:
- islab$ ll /bin/su
- -rwsr-xr-x 1 root 24060 Jan 10 2007 /bin/su
Examples 2 and 3 both show that su is a setuid program. The setuid bit is set with chmod u+s, and ls displays it as an s in the owner's execute position, as in Example 3. A setuid program runs with the privileges of the file's owner rather than those of the user who launches it. That is to say, while su is running, its privileges are elevated to those of its owner, which is equivalent to root permissions.
Example 2 also shows the file type: a setuid ELF 32-bit LSB shared object. That is to say, the program needs shared libraries such as libc, is loaded by the ELF interpreter (the dynamic loader), and complies with the LSB specification.
Question 1: Can a normal user copy the su command from another machine?
A: They can copy the su binary from another machine, but they cannot set the correct ownership and permissions on it (chown root and chmod u+s). Therefore, the copied su does not work properly.
Question 2: How can we prevent ordinary users from executing the su command?
A:
1). Create a special group; only its members can execute the su command. Here the user zhaoke is made a member of the wheel group, su is handed to that group, and the "other" permission bits are removed:
- islab# groupadd wheel
- islab# usermod -G wheel zhaoke
- islab# chown root:wheel /bin/su
- islab# chmod 4750 /bin/su
2). Only the root user can execute the su command:
- islab# chmod 4700 /bin/su
3). Using the PAM library (pam_wheel), only members of the wheel group can execute the su command. In the following example, the zhaoke account is added to the wheel group:
- islab# groupadd wheel
- islab# usermod -G wheel zhaoke
- islab# ll /lib/security/pam_wheel.so
- -rwxr-xr-x 1 root root 5692 Feb 22 2007 /lib/security/pam_wheel.so
- islab# vi /etc/pam.d/su
Add the following line:
- auth required /lib/security/pam_wheel.so use_uid
Then save and exit the su configuration file.
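An added audit script, not from the original article, that classifies a su binary's mode and owner against the options above (stock 4755, option 1 at 4750, option 2 at 4700, and the Question 1 case of a copied su) and checks whether /etc/pam.d/su carries an active pam_wheel line as in option 3. The two PAM files are constructed inside the script; the user name zhaoke and the use of GNU `stat -c '%a %U' /bin/su` to obtain real values are assumptions.

```shell
# Added example (not from the original article): classify a su binary's octal
# mode and owner against the options above, and check /etc/pam.d/su for pam_wheel.
# classify_su_perms MODE OWNER -> not-root | not-setuid | world | group | root-only
classify_su_perms() {
    [ "$2" = root ] || { echo not-root; return 0; }   # setuid only elevates to the owner
    mode=$1
    case ${#mode} in 3) mode=0$mode ;; esac            # GNU stat prints "755", not "0755"
    case $(printf '%s' "$mode" | cut -c1) in           # special bits: 4 = setuid
        4|5|6|7) ;;
        *) echo not-setuid; return 0 ;;
    esac
    case $(printf '%s' "$mode" | cut -c4) in           # "other" execute bit
        1|3|5|7) echo world; return 0 ;;               # stock 4755: anyone may run su
    esac
    case $(printf '%s' "$mode" | cut -c3) in           # "group" execute bit
        1|3|5|7) echo group; return 0 ;;               # option 1: chmod 4750
    esac
    echo root-only                                     # option 2: chmod 4700
}

# pam_wheel_enforced FILE -> exit 0 if an uncommented auth line loads pam_wheel.so
pam_wheel_enforced() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+(required|requisite)[[:space:]]+([^[:space:]]*/)?pam_wheel\.so' "$1"
}

# write_sample_pam DIR -> constructed /etc/pam.d/su stand-ins, with and without option 3
write_sample_pam() {
    printf '%s\n' 'auth required /lib/security/pam_wheel.so use_uid' \
                  'auth include system-auth' > "$1/su.hardened"
    printf '%s\n' '# auth required pam_wheel.so use_uid' \
                  'auth include system-auth' > "$1/su.default"
}

# audit_su MODE OWNER PAMFILE -> one-line verdict
audit_su() {
    perms=$(classify_su_perms "$1" "$2")
    if pam_wheel_enforced "$3"; then pam=pam_wheel; else pam=no-pam_wheel; fi
    case "$perms/$pam" in
        world/no-pam_wheel)      echo "OPEN: any user may run su ($perms, $pam)" ;;
        not-root/*|not-setuid/*) echo "BROKEN: su cannot elevate ($perms, $pam)" ;;
        *)                       echo "RESTRICTED: $perms, $pam" ;;
    esac
}

tmp=$(mktemp -d)
write_sample_pam "$tmp"
audit_su 4755 root "$tmp/su.default"     # stock install: OPEN
audit_su 4755 root "$tmp/su.hardened"    # option 3 applied: RESTRICTED
audit_su 755 zhaoke "$tmp/su.default"    # Question 1, a copied su: BROKEN
rm -rf "$tmp"
```

On a live system, run `audit_su $(stat -c '%a %U' /bin/su) /etc/pam.d/su` (GNU stat assumed) to audit the real binary.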
Question 3: Even though an ordinary user cannot execute the su command, can the root password still be obtained by brute force?
A: Ordinary users can still mount brute-force attacks on the root account from a local shell or over SSH. Consider a security tool such as pam_abl to protect SSH: pam_abl temporarily blocks accounts that accumulate failed logins within the configured time window. Of course, ordinary users may also escalate privileges through program vulnerabilities such as buffer overflows.
The above are some security suggestions for the Linux su command.