have root privileges to allow the normal user to have root privileges

have root privileges to allow the normal user to have root privileges

I. practice.

(1). The first type is the most common sudo command. This command allows the normal user to have administrative privileges, and/etc/sudoers is the configuration file for the sudo command.

In the configuration file, its basic format is

user Machine=command     

User: The authorized username, or the format of the group name "% Group name" can be authorized.

Machine: This is the host name

Command: To authorize commands, the full path of the command must be filled in.

Adding Tom All=all to the configuration file allows Tom to have root privileges on the user.

(2). This time we're going to talk about chmod special permissions in this command setuid.

The role of setuid

1. The ability to allow normal users to execute commands temporarily gets root privileges

2. In the results shown when executing the LS-LD command, the file owner has an S permission of setuid

For example: [[email protected] ~]# LS-LD/USR/BIN/PASSWD

-rwsr-xr-x. 1 root root 30768 February 2012/usr/bin/passwd

3.SetUID can only be valid for binary files.

Let me show you a little bit.       

[Email protected] ~]# chmod 4755/bin/chmod

[Email protected] ~]# Ls-ld/bin/chmod

-rwsr-xr-x. 1 root root 48712 June 2012/bin/chmod

As above this command means let chmod this command have setuid (abbreviation suid) permission. What does that mean? This is supposed to make chmod this command available to ordinary users. Speaking of this, we should ask the chmod command itself can let the ordinary user execution, how still learn to set it as SUID permission?

This is because the ordinary user, with the suid permission of the chmod command to authorize other only root can use the command.

For example, I want to use the FDISK command as follows:

[email protected] ~]$ Whereis fdisk

Fdisk:/sbin/fdisk/usr/share/man/man8/fdisk.8.gz

[Email protected] ~]$ Ls-ld/sbin/fdisk

-rwxr-xr-x. 1 root root 101288 February 2013/sbin/fdisk

[ email protected] ~]$ chmod u+s/sbin/fdisk or [[email protected] ~]$ chmod 4755/sbin/fdisk

[Email protected] ~]$ Ls-ld/sbin/fdisk

-rwsr-r-x. 1 root root 101288 February 2013/sbin/fdisk

The whereis command means finding a file, or you can find a command. Then check that it's permission is 755, give this command to suid permission, this command mmm this ordinary user can use.

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/6F/8D/wKiom1WfejmQ7xUkAALe2oh9Z8g643.jpg "title=" Picture 1.png "alt=" Wkiom1wfejmq7xukaale2oh9z8g643.jpg "/>

What command you want to use, but this also has a disadvantage, is that the system has SUID permissions are not used in ordinary users.

For example, passwd command:

[Email protected] ~]$ LS-LD/USR/BIN/PASSWD

-rwsr-xr-x. 1 root root 30768 February 2012/usr/bin/passwd

This is the system itself has SUID permissions

[Email protected] ~]$ passwd root

passwd: Only the root user can specify the user name.

But passwd can have the ability to change the password.

have root privileges to allow the normal user to have root privileges