查看原文:http://blog.chinaunix.net/uid-12078489-id-2960259.html
On Fedora Core 8 the normal user that has no root privilege can "shutdown","poweroff" or "reboot". So, we can take this as an example to let other program running with the power of root.
The original content of /usr/bin/system-config-date(only the root can rejust the date and time) & /usr/bin/poweroff (anyone can poweroff).
[yufei@localhost ~]$ ll /usr/bin/poweroff
lrwxrwxrwx 1 root root 13 2007-11-28 05:41 /usr/bin/poweroff -> consolehelper
[yufei@localhost ~]$ ll /usr/bin/system-config-date
lrwxrwxrwx 1 root root 13 2007-11-28 06:06 /usr/bin/system-config-date -> consolehelper
[root@localhost]~# cat /etc/security/console.apps/poweroff
FALLBACK=true
[root@localhost]~# cat /etc/security/console.apps/system-config-date
USER=root
PROGRAM=/usr/share/system-config-date/system-config-date.py
SESSION=true
[root@localhost]~# cat /etc/pam.d/poweroff
#%PAM-1.0
auth sufficient pam_rootok.so
auth required pam_console.so
#auth include system-auth
account required pam_permit.so
[root@localhost]~# cat /etc/pam.d/system-config-date
#%PAM-1.0
auth include config-util
account include config-util
session include config-util
Now, we give "system-config-date" the power of root.
Firstly, we backup the system-config-date:
[root@localhost]~# cp /etc/pam.d/system-config-date /root/
[root@localhost]~# cp /etc/security/console.apps/system-config-date /root/system-config-date2
Ok, now we copy the "power" of /usr/bin/poweroff to /usr/bin/system-config-date
[root@localhost]~# cp /etc/pam.d/poweroff /etc/pam.d/system-config-date
[root@localhost]~# cp /etc/security/console.apps/poweroff /etc/security/console.apps/system-config-date
Check the content of configure files:
[root@localhost]~# cat /etc/pam.d/system-config-date
#%PAM-1.0
auth sufficient pam_rootok.so
auth required pam_console.so
#auth include system-auth
account required pam_permit.so
[root@localhost]~# cat /etc/security/console.apps/system-config-date
FALLBACK=true
Try to launch the /usr/bin/system-config-date use a normal user(yufei):
[yufei@localhost ~]$ system-config-date
Failed, Because the location of system-config-date is NULL. Add it:
[root@localhost]~# vim /etc/security/console.apps/system-config-date
[yufei@localhost ~]$ cat /etc/security/console.apps/system-config-date
FALLBACK=true
PROGRAM=/usr/share/system-config-date/system-config-date.py
Try again:
[yufei@localhost ~]$ system-config-date
No protocol specified
Text mode interface is deprecate
We can use "/usr/bin/system-config-date" without the root's password now. But, this is only text mode.
Now we add(append) the following lines to /etc/pam.d/system-config-date
[root@localhost]~# vim /etc/pam.d/system-config-date
[yufei@localhost ~]$ cat /etc/pam.d/system-config-date
#%PAM-1.0
auth sufficient pam_rootok.so
auth required pam_console.so
#auth include system-auth
account required pam_permit.so
session include config-util
auth include config-util
account include config-util
The result is: with the following lines, you have to input the password of root. So we edit out them and Try again.
auth include config-util
auth include system-auth
[root@localhost]~# vim /etc/pam.d/system-config-date
[yufei@localhost ~]$ cat /etc/pam.d/system-config-date
#%PAM-1.0
auth sufficient pam_rootok.so
auth required pam_console.so
#auth include system-auth
account required pam_permit.so
session include config-util
#auth include config-util
#account include config-util
Try to re-start the /usr/bin/system-config-date
[yufei@localhost ~]$ system-config-date
No protocol specified
Text mode interface is deprecated
Still no GUI.
Now add the following line to /etc/security/console.apps/system-config-date:
SESSION=true
[root@localhost]~# vim /etc/security/console.apps/system-config-date
[yufei@localhost ~]$ cat /etc/security/console.apps/system-config-date
FALLBACK=true
PROGRAM=/usr/share/system-config-date/system-config-date.py
SESSION=true
Try again. Ok, it start successfully without root's password.
EXTR: the final contents of the 2 above configure files of "system-config-date":
[root@localhost]~# cat /etc/security/console.apps/system-config-date
FALLBACK=true
PROGRAM=/usr/share/system-config-date/system-config-date.py
SESSION=true
[root@localhost]~# cat /etc/pam.d/system-config-date
#%PAM-1.0
auth sufficient pam_rootok.so
auth required pam_console.so
#auth include system-auth
account required pam_permit.so
session include config-util
#auth include config-util
#account include config-util
[root@localhost]~#
阅读(2141) | 评论(0) | 转发(0) |