linux普通用户程序以root权限运行并且不用输入密码 -cattlex-ChinaUnix博客

牛Xcattlex.blog.chinaunix.net

首页　| 　博文目录　| 　关于我

cattlex

博客访问： 596227
博文数量： 95
博客积分： 1573
博客等级：上尉
技术积分： 1030
用户组：普通用户
注册时间： 2011-12-23 10:46

个人简介

hello world!

文章分类

全部博文（95）

Linux驱动（3）
Android（4）
远程桌面（4）
桌面虚拟化（1）
Android（1）
Server（4）
输入设备（1）
RHCE（1）
Python（1）
Gnome（3）
Linux自动挂载（0）
网络（0）
GTK（1）
RPM（2）
Fireware（0）
X Windows（10）
Kernel（6）
Linux基础（37）

PAM（3）

Live OS（1）

Linux安装（5）
Python（0）
C Language（4）

zlib（1）

openssl（2）
Makefile（1）
Shell（8）
未分配的博文（3）

文章存档

2014年（1）

2013年（44）

2012年（50）

我的朋友

相关博文

linux普通用户程序以root权限运行并且不用输入密码

分类： LINUX

2013-03-05 14:38:17

查看原文：http://blog.chinaunix.net/uid-12078489-id-2960259.html

On Fedora Core 8 the normal user that has no root privilege can "shutdown","poweroff" or "reboot". So, we can take this as an example to let other program running with the power of root.

The original content of /usr/bin/system-config-date(only the root can rejust the date and time) & /usr/bin/poweroff (anyone can poweroff).
[yufei@localhost ~]$ ll /usr/bin/poweroff
lrwxrwxrwx 1 root root 13 2007-11-28 05:41 /usr/bin/poweroff -> consolehelper
[yufei@localhost ~]$ ll /usr/bin/system-config-date
lrwxrwxrwx 1 root root 13 2007-11-28 06:06 /usr/bin/system-config-date -> consolehelper

[root@localhost]~# cat /etc/security/console.apps/poweroff
FALLBACK=true
[root@localhost]~# cat /etc/security/console.apps/system-config-date
USER=root
PROGRAM=/usr/share/system-config-date/system-config-date.py
SESSION=true
[root@localhost]~# cat /etc/pam.d/poweroff
#%PAM-1.0
auth       sufficient   pam_rootok.so
auth       required     pam_console.so
#auth       include     system-auth
account    required     pam_permit.so
[root@localhost]~# cat /etc/pam.d/system-config-date
#%PAM-1.0
auth            include         config-util
account         include         config-util
session         include         config-util

Now, we give "system-config-date" the power of root.
Firstly, we backup the system-config-date:
[root@localhost]~# cp /etc/pam.d/system-config-date /root/
[root@localhost]~# cp /etc/security/console.apps/system-config-date /root/system-config-date2

Ok, now we copy the "power" of /usr/bin/poweroff to /usr/bin/system-config-date
[root@localhost]~# cp /etc/pam.d/poweroff /etc/pam.d/system-config-date
[root@localhost]~# cp /etc/security/console.apps/poweroff /etc/security/console.apps/system-config-date

Check the content of configure files:
[root@localhost]~# cat /etc/pam.d/system-config-date
#%PAM-1.0
auth       sufficient   pam_rootok.so
auth       required     pam_console.so
#auth       include     system-auth
account    required     pam_permit.so
[root@localhost]~# cat /etc/security/console.apps/system-config-date
FALLBACK=true

Try to launch the /usr/bin/system-config-date use a normal user(yufei):
[yufei@localhost ~]$ system-config-date

Failed, Because the location of system-config-date is NULL. Add it:
[root@localhost]~# vim /etc/security/console.apps/system-config-date
[yufei@localhost ~]$ cat /etc/security/console.apps/system-config-date
FALLBACK=true
PROGRAM=/usr/share/system-config-date/system-config-date.py

Try again:
[yufei@localhost ~]$ system-config-date
No protocol specified
Text mode interface is deprecate

We can use "/usr/bin/system-config-date" without the root's password now. But, this is only text mode.

Now we add(append) the following lines to /etc/pam.d/system-config-date
[root@localhost]~# vim /etc/pam.d/system-config-date
[yufei@localhost ~]$ cat /etc/pam.d/system-config-date
#%PAM-1.0
auth       sufficient   pam_rootok.so
auth       required     pam_console.so
#auth       include     system-auth
account    required     pam_permit.so
session         include         config-util
auth            include         config-util
account         include         config-util

The result is: with the following lines, you have to input the password of root. So we edit out them and Try again.
auth            include         config-util
auth       include     system-auth

[root@localhost]~# vim /etc/pam.d/system-config-date
[yufei@localhost ~]$ cat /etc/pam.d/system-config-date
#%PAM-1.0
auth       sufficient   pam_rootok.so
auth       required     pam_console.so
#auth       include     system-auth
account    required     pam_permit.so
session         include         config-util
#auth            include         config-util
#account         include         config-util

Try to re-start the /usr/bin/system-config-date
[yufei@localhost ~]$ system-config-date
No protocol specified
Text mode interface is deprecated

Still no GUI.

Now add the following line to /etc/security/console.apps/system-config-date:
SESSION=true
[root@localhost]~# vim /etc/security/console.apps/system-config-date
[yufei@localhost ~]$ cat /etc/security/console.apps/system-config-date
FALLBACK=true
PROGRAM=/usr/share/system-config-date/system-config-date.py
SESSION=true

Try again. Ok, it start successfully without root's password.

EXTR: the final contents of the 2 above configure files of "system-config-date":
[root@localhost]~# cat /etc/security/console.apps/system-config-date
FALLBACK=true
PROGRAM=/usr/share/system-config-date/system-config-date.py
SESSION=true
[root@localhost]~# cat /etc/pam.d/system-config-date
#%PAM-1.0
auth       sufficient   pam_rootok.so
auth       required     pam_console.so
#auth       include     system-auth
account    required     pam_permit.so
session         include         config-util
#auth            include         config-util
#account         include         config-util
[root@localhost]~#

阅读(2141) | 评论(0) | 转发(0) |

上一篇：Linux控制台访问、APP启用控制台访问（PAM）

下一篇：Oracle_Database_11g_标准版_企业版__下载地址_详细列表

给主人留下些什么吧！~~

感谢所有关心和支持过ChinaUnix的朋友们

16024965号-6