Category: LINUX

2013-03-05 14:38:17

Original post: http://blog.chinaunix.net/uid-12078489-id-2960259.html

On Fedora Core 8, a normal user without root privileges can run "shutdown", "poweroff" or "reboot". We can use this as a model to let another program run with root privileges.

The original state of /usr/bin/system-config-date (only root can adjust the date and time) and /usr/bin/poweroff (anyone can power off):
[yufei@localhost ~]$ ll /usr/bin/poweroff 
lrwxrwxrwx 1 root root 13 2007-11-28 05:41 /usr/bin/poweroff -> consolehelper
[yufei@localhost ~]$ ll /usr/bin/system-config-date 
lrwxrwxrwx 1 root root 13 2007-11-28 06:06 /usr/bin/system-config-date -> consolehelper

[root@localhost]~# cat /etc/security/console.apps/poweroff 

FALLBACK=true
[root@localhost]~# cat /etc/security/console.apps/system-config-date 
USER=root
PROGRAM=/usr/share/system-config-date/system-config-date.py
SESSION=true
[root@localhost]~# cat /etc/pam.d/poweroff 
#%PAM-1.0
auth       sufficient   pam_rootok.so
auth       required     pam_console.so
#auth       include     system-auth
account    required     pam_permit.so
[root@localhost]~# cat /etc/pam.d/system-config-date 
#%PAM-1.0
auth            include         config-util
account         include         config-util
session         include         config-util

Now, we give "system-config-date" the power of root.

First, back up the system-config-date configuration files:
[root@localhost]~# cp /etc/pam.d/system-config-date /root/    
[root@localhost]~# cp /etc/security/console.apps/system-config-date /root/system-config-date2

OK, now we copy the "power" of /usr/bin/poweroff to /usr/bin/system-config-date:
[root@localhost]~# cp /etc/pam.d/poweroff /etc/pam.d/system-config-date 
[root@localhost]~# cp /etc/security/console.apps/poweroff /etc/security/console.apps/system-config-date 

Check the contents of the configuration files:
[root@localhost]~# cat /etc/pam.d/system-config-date 
#%PAM-1.0
auth       sufficient   pam_rootok.so
auth       required     pam_console.so
#auth       include     system-auth
account    required     pam_permit.so
[root@localhost]~# cat /etc/security/console.apps/system-config-date 
FALLBACK=true

Try to launch /usr/bin/system-config-date as a normal user (yufei):
[yufei@localhost ~]$ system-config-date 

It fails because the location of system-config-date (PROGRAM) is not set. Add it:
[root@localhost]~# vim /etc/security/console.apps/system-config-date           
[yufei@localhost ~]$ cat /etc/security/console.apps/system-config-date 

FALLBACK=true
PROGRAM=/usr/share/system-config-date/system-config-date.py

Try again:
[yufei@localhost ~]$ system-config-date 
No protocol specified
Text mode interface is deprecated

We can now run "/usr/bin/system-config-date" without root's password, but only in text mode.

Now we append the following lines to /etc/pam.d/system-config-date:
[root@localhost]~# vim /etc/pam.d/system-config-date 
[yufei@localhost ~]$ cat /etc/pam.d/system-config-date 

#%PAM-1.0
auth       sufficient   pam_rootok.so
auth       required     pam_console.so
#auth       include     system-auth
account    required     pam_permit.so
session         include         config-util
auth            include         config-util
account         include         config-util

The result: with the following lines present, you have to enter root's password. So we comment them out and try again.
auth            include         config-util
auth       include     system-auth

[root@localhost]~# vim /etc/pam.d/system-config-date
[yufei@localhost ~]$ cat /etc/pam.d/system-config-date 

#%PAM-1.0
auth       sufficient   pam_rootok.so
auth       required     pam_console.so
#auth       include     system-auth
account    required     pam_permit.so
session         include         config-util
#auth            include         config-util
#account         include         config-util

Try to start /usr/bin/system-config-date again:
[yufei@localhost ~]$ system-config-date
No protocol specified
Text mode interface is deprecated

Still no GUI.

Now add the following line to /etc/security/console.apps/system-config-date:

SESSION=true
[root@localhost]~# vim /etc/security/console.apps/system-config-date
[yufei@localhost ~]$ cat /etc/security/console.apps/system-config-date 

FALLBACK=true
PROGRAM=/usr/share/system-config-date/system-config-date.py
SESSION=true

Try again. OK, it starts successfully without root's password.

Extra: the final contents of the two configuration files for "system-config-date":
[root@localhost]~# cat /etc/security/console.apps/system-config-date 
FALLBACK=true
PROGRAM=/usr/share/system-config-date/system-config-date.py
SESSION=true
[root@localhost]~# cat /etc/pam.d/system-config-date 
#%PAM-1.0
auth       sufficient   pam_rootok.so
auth       required     pam_console.so
#auth       include     system-auth
account    required     pam_permit.so
session         include         config-util
#auth            include         config-util
#account         include         config-util
[root@localhost]~#
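
With the final files above, pam_console.so is the only check a non-root caller has to pass, so any user logged in at the console runs the program without a password. The following check is an added example, not part of the original post: it lists every consolehelper service left in that state. The names NO_PASSWORD, passwordless and audit are ours, and the test is a heuristic that reads only plain "auth <control> <module>" lines.

```python
import os

# Assumption: auth modules that never prompt. pam_rootok passes only for uid 0,
# pam_console only for the user logged in at the physical console.
NO_PASSWORD = {"pam_rootok.so", "pam_console.so", "pam_permit.so"}

def active_auth(pam_text):
    """Return (control, module or include target) for uncommented auth lines."""
    rows = (line.split("#", 1)[0].split() for line in pam_text.splitlines())
    return [(f[1], f[2]) for f in rows if len(f) >= 3 and f[0] == "auth"]

def passwordless(pam_text):
    """Heuristic: the auth stack pulls in no other stack, uses only NO_PASSWORD
    modules, and has one besides pam_rootok that lets a non-root caller pass."""
    auth = active_auth(pam_text)
    if any(ctl in ("include", "substack") or mod not in NO_PASSWORD for ctl, mod in auth):
        return False
    return any(mod != "pam_rootok.so" for _, mod in auth)

def read_keys(path):
    """Parse the KEY=value lines of a console.apps file."""
    with open(path) as fh:
        return dict(line.strip().split("=", 1) for line in fh if "=" in line)

def audit(apps_dir, pam_dir):
    """Map each passwordless consolehelper service to its PROGRAM setting."""
    hits = {}
    for name in sorted(os.listdir(apps_dir)):
        pam_path = os.path.join(pam_dir, name)
        if not os.path.isfile(pam_path):
            continue
        with open(pam_path) as fh:
            if passwordless(fh.read()):
                keys = read_keys(os.path.join(apps_dir, name))
                hits[name] = keys.get("PROGRAM", "(not set)")
    return hits

# Constructed samples: the stock PAM file and the final one shown on this page.
STOCK = "#%PAM-1.0\nauth include config-util\naccount include config-util\n"
FINAL = ("#%PAM-1.0\nauth sufficient pam_rootok.so\nauth required pam_console.so\n"
         "#auth include system-auth\naccount required pam_permit.so\n"
         "session include config-util\n#auth include config-util\n")

if __name__ == "__main__":
    print("stock file passwordless:", passwordless(STOCK))
    print("final file passwordless:", passwordless(FINAL))
    if os.path.isdir("/etc/security/console.apps"):
        print(audit("/etc/security/console.apps", "/etc/pam.d"))
```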