
Category: LINUX

2008-08-28 17:52:41

 
On Fedora Core 8, a normal user who has no root privileges can run "shutdown", "poweroff" or "reboot". So we can take this as an example of how to let another program run with the power of root.

The original content of /usr/bin/system-config-date (only root can adjust the date and time) and /usr/bin/poweroff (anyone can power off):
[yufei@localhost ~]$ ll /usr/bin/poweroff
lrwxrwxrwx 1 root root 13 2007-11-28 05:41 /usr/bin/poweroff -> consolehelper
[yufei@localhost ~]$ ll /usr/bin/system-config-date
lrwxrwxrwx 1 root root 13 2007-11-28 06:06 /usr/bin/system-config-date -> consolehelper

[root@localhost]~# cat /etc/security/console.apps/poweroff
FALLBACK=true
[root@localhost]~# cat /etc/security/console.apps/system-config-date
USER=root
PROGRAM=/usr/share/system-config-date/system-config-date.py
SESSION=true
[root@localhost]~# cat /etc/pam.d/poweroff
#%PAM-1.0
auth       sufficient   pam_rootok.so
auth       required     pam_console.so
#auth      include      system-auth
account    required     pam_permit.so
[root@localhost]~# cat /etc/pam.d/system-config-date
#%PAM-1.0
auth       include      config-util
account    include      config-util
session    include      config-util

Now we give "system-config-date" the power of root.
First, we back up the system-config-date files:
[root@localhost]~# cp /etc/pam.d/system-config-date /root/
[root@localhost]~# cp /etc/security/console.apps/system-config-date /root/system-config-date2

OK, now we copy the "power" of /usr/bin/poweroff to /usr/bin/system-config-date:
[root@localhost]~# cp /etc/pam.d/poweroff /etc/pam.d/system-config-date
[root@localhost]~# cp /etc/security/console.apps/poweroff /etc/security/console.apps/system-config-date

Check the contents of the configuration files:
[root@localhost]~# cat /etc/pam.d/system-config-date
#%PAM-1.0
auth       sufficient   pam_rootok.so
auth       required     pam_console.so
#auth      include      system-auth
account    required     pam_permit.so
[root@localhost]~# cat /etc/security/console.apps/system-config-date
FALLBACK=true

Try to launch /usr/bin/system-config-date as a normal user (yufei):
[yufei@localhost ~]$ system-config-date

It fails, because the location of system-config-date is NULL. Add it:
[root@localhost]~# vim /etc/security/console.apps/system-config-date
[yufei@localhost ~]$ cat /etc/security/console.apps/system-config-date
FALLBACK=true
PROGRAM=/usr/share/system-config-date/system-config-date.py

Try again:
[yufei@localhost ~]$ system-config-date
No protocol specified
Text mode interface is deprecated

We can now use "/usr/bin/system-config-date" without root's password. But this is text mode only.

Now we append the following lines to /etc/pam.d/system-config-date:
[root@localhost]~# vim /etc/pam.d/system-config-date
[yufei@localhost ~]$ cat /etc/pam.d/system-config-date
#%PAM-1.0
auth       sufficient   pam_rootok.so
auth       required     pam_console.so
#auth      include      system-auth
account    required     pam_permit.so
session    include      config-util
auth       include      config-util
account    include      config-util

The result: with the following lines, you have to enter root's password. So we comment them out and try again.
auth       include      config-util
auth       include      system-auth

[root@localhost]~# vim /etc/pam.d/system-config-date
[yufei@localhost ~]$ cat /etc/pam.d/system-config-date
#%PAM-1.0
auth       sufficient   pam_rootok.so
auth       required     pam_console.so
#auth      include      system-auth
account    required     pam_permit.so
session    include      config-util
#auth      include      config-util
#account   include      config-util

Try to restart /usr/bin/system-config-date:
[yufei@localhost ~]$ system-config-date
No protocol specified
Text mode interface is deprecated

Still no GUI.

Now add the following line to /etc/security/console.apps/system-config-date:
SESSION=true
[root@localhost]~# vim /etc/security/console.apps/system-config-date
[yufei@localhost ~]$ cat /etc/security/console.apps/system-config-date
FALLBACK=true
PROGRAM=/usr/share/system-config-date/system-config-date.py
SESSION=true

Try again. OK, it starts successfully without root's password.

Extra: the final contents of the two configuration files above for "system-config-date":
[root@localhost]~# cat /etc/security/console.apps/system-config-date
FALLBACK=true
PROGRAM=/usr/share/system-config-date/system-config-date.py
SESSION=true
[root@localhost]~# cat /etc/pam.d/system-config-date
#%PAM-1.0
auth       sufficient   pam_rootok.so
auth       required     pam_console.so
#auth      include      system-auth
account    required     pam_permit.so
session    include      config-util
#auth      include      config-util
#account   include      config-util
[root@localhost]~#
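
An added example, not part of the original post: a Python audit that lists consolehelper services whose PAM auth stack admits a console user through pam_console.so with no password stack, which is the state the post ends in. The function names and the list of password-prompting entries are assumptions of this example; the sample files are the post's contents, written to a temporary directory.

```python
import os
import tempfile

# Assumption: these auth entries prompt for a password. The post saw the root
# prompt return whenever config-util or system-auth was included.
PASSWORD_AUTH = {"system-auth", "config-util", "pam_unix.so"}

def console_passwordless(pam_text):
    """Heuristic: pam_console.so is an active auth module and nothing asks for a password."""
    rows = [l.split() for l in pam_text.splitlines() if not l.lstrip().startswith("#")]
    auth = [t for t in rows if len(t) >= 3 and t[0].lstrip("-") == "auth"]
    has_console = any("pam_console.so" in t for t in auth)
    return has_console and not any(PASSWORD_AUTH & set(t) for t in auth)

def audit(console_apps_dir, pam_dir):
    """Return [(service, program)] that a console user can start without a password."""
    findings = []
    for service in sorted(os.listdir(console_apps_dir)):
        pam_path = os.path.join(pam_dir, service)
        if not os.path.isfile(pam_path):
            continue
        with open(os.path.join(console_apps_dir, service)) as f:
            conf = dict(l.strip().split("=", 1) for l in f if "=" in l and not l.startswith("#"))
        with open(pam_path) as f:
            if console_passwordless(f.read()):
                findings.append((service, conf.get("PROGRAM", "(PROGRAM not set)")))
    return findings

# Constructed sample: the file contents shown in the post.
POWEROFF_PAM = ("#%PAM-1.0\nauth sufficient pam_rootok.so\nauth required pam_console.so\n"
                "#auth include system-auth\naccount required pam_permit.so\n")
ORIGINAL_DATE_PAM = ("#%PAM-1.0\nauth include config-util\naccount include config-util\n"
                     "session include config-util\n")
MODIFIED_DATE_PAM = POWEROFF_PAM + "session include config-util\n#auth include config-util\n"
DATE_APP = "FALLBACK=true\nPROGRAM=/usr/share/system-config-date/system-config-date.py\nSESSION=true\n"

def demo(date_pam):
    root = tempfile.mkdtemp()
    apps, pam = os.path.join(root, "console.apps"), os.path.join(root, "pam.d")
    files = {(apps, "poweroff"): "FALLBACK=true\n", (pam, "poweroff"): POWEROFF_PAM,
             (apps, "system-config-date"): DATE_APP, (pam, "system-config-date"): date_pam}
    for (folder, name), body in files.items():
        os.makedirs(folder, exist_ok=True)
        with open(os.path.join(folder, name), "w") as f:
            f.write(body)
    return audit(apps, pam)

if __name__ == "__main__":
    print(demo(ORIGINAL_DATE_PAM), demo(MODIFIED_DATE_PAM))
```

On a real system, call audit("/etc/security/console.apps", "/etc/pam.d") and review every entry it returns, since each one is a program that a user at the console can start as root without a password.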

Running a normal user's program on Linux with root privileges and without entering a password (pam VS. setuid)