{"id":151443,"date":"2019-08-01T09:34:14","date_gmt":"2019-08-01T01:34:14","guid":{"rendered":"https:\/\/lrxjmw.cn\/?p=151443"},"modified":"2019-07-23T09:19:29","modified_gmt":"2019-07-23T01:19:29","slug":"users-root-access","status":"publish","type":"post","link":"https:\/\/lrxjmw.cn\/users-root-access.html","title":{"rendered":"\u5982\u4f55\u8ba9\u666e\u901a\u7528\u6237\u83b7\u53d6root\u7528\u6237\u7684\u6743\u9650"},"content":{"rendered":"\n\n\n
\u5bfc\u8bfb<\/td>\nsudo \u662f Linux \u7cfb\u7edf\u7ba1\u7406\u6307\u4ee4\uff0c\u662f\u5141\u8bb8\u7cfb\u7edf\u7ba1\u7406\u5458\u8ba9\u666e\u901a\u7528\u6237\u6267\u884c\u4e00\u4e9b\u6216\u8005\u5168\u90e8\u7684 root \u547d\u4ee4\u7684\u4e00\u4e2a\u5de5\u5177\uff0c\u5982 halt\uff0creboot\uff0csu \u7b49\u7b49\u3002\u8fd9\u6837\u4e0d\u4ec5\u51cf\u5c11\u4e86 root \u7528\u6237\u7684\u767b\u5f55\u548c\u7ba1\u7406\u65f6\u95f4\uff0c\u540c\u6837\u4e5f\u63d0\u9ad8\u4e86\u5b89\u5168\u6027\u3002sudo \u4e0d\u662f\u5bf9 shell \u7684\u4e00\u4e2a\u4ee3\u66ff\uff0c\u5b83\u662f\u9762\u5411\u6bcf\u4e2a\u547d\u4ee4\u7684\u3002<\/strong><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
sudo \u7684\u7279\u70b9<\/strong><\/div>\n
\r\n\u9650\u5236\u7528\u6237\u6267\u884c\u6307\u5b9a\u7684\u547d\u4ee4\r\n\u8bb0\u5f55\u7528\u6237\u6267\u884c\u7684\u6bcf\u4e00\u6761\u547d\u4ee4\r\n\u914d\u7f6e\u6587\u4ef6\uff08\/etc\/sudoers\uff09\u63d0\u4f9b\u96c6\u4e2d\u7684\u7528\u6237\u7ba1\u7406\u3001\u6743\u9650\u4e0e\u4e3b\u673a\u7b49\u53c2\u6570\r\n\u9a8c\u8bc1\u5bc6\u7801\u540e\u7684 5 \u5206\u949f\u5185\uff08\u9ed8\u8ba4\u503c\uff09\u65e0\u987b\u8ba9\u7528\u6237\u518d\u6b21\u9a8c\u8bc1\u5bc6\u7801\r\n<\/pre>\n
\u5b9e\u6218\u6f14\u7ec3<\/strong><\/div>\n

\u73af\u5883\uff1aRed Hat Enterprise Linux Server release 7.3<\/p>\n

1. \u6d4b\u8bd5\u666e\u901a\u7528\u6237\u80fd\u5426\u5220\u9664 root \u7528\u6237\u521b\u5efa\u7684\u6587\u4ef6<\/strong><\/span><\/div>\n
\r\n[root@localhost ~]# mkdir \/test\r\n[root@localhost ~]# cd \/test\r\n[root@localhost test]# touch test.txt\r\n[root@localhost test]# mkdir test.dir\r\n[root@localhost test]# ll\r\ntotal 0\r\ndrwxr-xr-x. 2 root root 6 Jul 18 02:19 test.dir\r\n-rw-r--r--. 1 root root 0 Jul 18 02:19 test.txt\r\n[root@localhost test]# id test\r\nuid=1004(test) gid=1005(test) groups=1005(test)\r\n[root@localhost test]# su - test\r\nLast login: Thu Jul 18 02:17:11 EDT 2019 on pts\/0\r\n[test@localhost ~]$ cd \/test\r\n[test@localhost test]$ ll\r\ntotal 0\r\ndrwxr-xr-x. 2 root root 6 Jul 18 02:19 test.dir\r\n-rw-r--r--. 1 root root 0 Jul 18 02:19 test.txt\r\n[test@localhost test]$ rm -rf test.dir\/\r\nrm: cannot remove \u2018test.dir\/\u2019: Permission denied\r\n[test@localhost test]$ rm -rf test.txt \r\nrm: cannot remove \u2018test.txt\u2019: Permission denied\r\n[test@localhost test]$ ll\r\ntotal 0\r\ndrwxr-xr-x. 2 root root 6 Jul 18 02:19 test.dir\r\n-rw-r--r--. 1 root root 0 Jul 18 02:19 test.txt\r\n<\/pre>\n
2. \u7528 visudo \u547d\u4ee4\u914d\u7f6e sudo<\/strong><\/span><\/div>\n
\r\n[root@localhost ~]# visudo\r\n# \u5728 \/etc\/sudoers \u914d\u7f6e\u6587\u4ef6\u4e2d root    ALL=(ALL)       ALL \u8fd9\u4e00\u884c\u4e0b\u9762\u52a0\u5165 test    ALL=(ALL)       ALL\r\n[root@localhost ~]# cat \/etc\/sudoers | grep ALL\r\nDefaults    env_keep += \"LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY\"\r\nroot    ALL=(ALL)       ALL\r\ntest    ALL=(ALL)       ALL\r\n# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS\r\n%wheel  ALL=(ALL)       ALL\r\n# %wheel        ALL=(ALL)       NOPASSWD: ALL\r\n%wheel  ALL=(ALL)       NOPASSWD: ALL\r\n# %users  ALL=\/sbin\/mount \/mnt\/cdrom, \/sbin\/umount \/mnt\/cdrom\r\n<\/pre>\n
3. \u666e\u901a\u7528\u6237\u7ed3\u5408 sudo \u5220\u9664 root \u7528\u6237\u7684\u6587\u4ef6<\/strong><\/span><\/div>\n
\r\n[root@localhost ~]# echo \"Jaking\" | passwd --stdin test\r\nChanging password for user test.\r\npasswd: all authentication tokens updated successfully.\r\n[root@localhost ~]# su - test\r\nLast login: Thu Jul 18 02:34:50 EDT 2019 on pts\/0\r\n[test@localhost ~]$ cd \/test\/\r\n[test@localhost test]$ ll\r\ntotal 0\r\ndrwxr-xr-x. 2 root root 6 Jul 18 02:19 test.dir\r\n-rw-r--r--. 1 root root 0 Jul 18 02:19 test.txt\r\n[test@localhost test]$ rm -rf test.dir\/\r\nrm: cannot remove \u2018test.dir\/\u2019: Permission denied\r\n[test@localhost test]$ rm -rf test.txt \r\nrm: cannot remove \u2018test.txt\u2019: Permission denied\r\n[test@localhost test]$ sudo rm -rf test.dir\/\r\n[sudo] password for test: \r\n[test@localhost test]$ ll\r\ntotal 0\r\n-rw-r--r--. 1 root root 0 Jul 18 02:19 test.txt\r\n[test@localhost test]$ sudo rm -rf test.txt \r\n[test@localhost test]$ ll\r\ntotal 0\r\n<\/pre>\n
4. sudo \u514d\u5bc6\u914d\u7f6e<\/strong><\/span><\/div>\n
\r\n[test@localhost test]$ sudo cat \/etc\/shadow\r\n[sudo] password for test: \r\nroot:$6$YZrm6scxO5zzICbR$fOzORb.0Ib9POZzJmrnzOGDqfFySp8X.9p5QpcpnJXWHIJvZcFpXQONyNigwrZbhXtyfnFn5F1mJsdkXS3jEF\/::0:99999:7:::\r\nbin:*:16925:0:99999:7:::\r\ndaemon:*:16925:0:99999:7:::\r\nadm:*:16925:0:99999:7:::\r\n***\u7701\u7565\u90e8\u5206\u8f93\u51fa\u4fe1\u606f***\r\n[test@localhost test]$ id test2\r\nuid=1006(test2) gid=1007(test2) groups=1007(test2)\r\n[root@localhost ~]# visudo\r\n# \u5728 \/etc\/sudoers \u914d\u7f6e\u6587\u4ef6\u4e2d %wheel  ALL=(ALL)       NOPASSWD: ALL \u8fd9\u4e00\u884c\u7684\u4e0b\u9762\u52a0\u5165 test ALL=(ALL)       NOPASSWD: ALL\r\n[root@localhost ~]# cat \/etc\/sudoers | grep NOPASSWD\r\n# %wheel        ALL=(ALL)       NOPASSWD: ALL\r\n%wheel  ALL=(ALL)       NOPASSWD: ALL\r\ntest ALL=(ALL)       NOPASSWD: ALL\r\n[test@localhost ~]$ sudo cat \/etc\/shadow\r\n# \u7528\u666e\u901a\u7528\u6237\u67e5\u770b \/etc\/shadow \u6587\u4ef6\u5df2\u7ecf\u4e0d\u9700\u8981\u518d\u8f93\u5165\u5f53\u524d\u767b\u5f55\u7528\u6237\u7684\u5bc6\u7801\uff08NOPASSWD: ALL \u5bf9 test \u6267\u884c\u7684\u6240\u6709 sudo \u547d\u4ee4\u90fd\u751f\u6548\uff09\r\nroot:$6$YZrm6scxO5zzICbR$fOzORb.0Ib9POZzJmrnzOGDqfFySp8X.9p5QpcpnJXWHIJvZcFpXQONyNigwrZbhXtyfnFn5F1mJsdkXS3jEF\/::0:99999:7:::\r\nbin:*:16925:0:99999:7:::\r\ndaemon:*:16925:0:99999:7:::\r\nadm:*:16925:0:99999:7:::\r\n***\u7701\u7565\u90e8\u5206\u8f93\u51fa\u4fe1\u606f***\r\n<\/pre>\n
5. \u914d\u7f6e sudo \u7684\u90e8\u5206\u6743\u9650<\/strong><\/span><\/div>\n
\r\n[root@localhost ~]# cd \/tmp\r\n[root@localhost tmp]# rm -rf *\r\n[root@localhost tmp]# ll\r\ntotal 0\r\n[root@localhost tmp]# touch file\r\n[root@localhost tmp]# mkdir dir\r\n[root@localhost tmp]# ll\r\ntotal 0\r\ndrwxr-xr-x. 2 root root 6 Jul 18 03:01 dir\r\n-rw-r--r--. 1 root root 0 Jul 18 03:01 file\r\n[root@localhost tmp]# whereis cat\r\ncat: \/usr\/bin\/cat \/usr\/share\/man\/man1\/cat.1.gz\r\n[root@localhost tmp]# visudo\r\n# \u628a \/etc\/sudoers \u914d\u7f6e\u6587\u4ef6\u4e2d\u7684 test    ALL=(ALL)       ALL \u6539\u4e3a test    ALL=(ALL)       \/usr\/bin\/cat\r\n[root@localhost ~]# cat \/etc\/sudoers | grep cat\r\n## Updating the locate database\r\n# Defaults specification\r\n# Preserving HOME has security implications since many programs\r\ntest    ALL=(ALL)       \/usr\/bin\/cat\r\n[root@localhost ~]# su - test\r\nLast login: Thu Jul 18 03:06:55 EDT 2019 on pts\/0\r\n[test@localhost ~]$ sudo cat \/etc\/shadow\r\n# \u7ed9 test \u7528\u6237\u914d\u7f6e\u4e86\u67e5\u770b\u6743\u9650\uff08\u4ee5 root \u8eab\u4efd\u6267\u884c cat\uff0c\u53ef\u8bfb\u53d6\u4efb\u610f\u6587\u4ef6\uff09\r\nroot:$6$YZrm6scxO5zzICbR$fOzORb.0Ib9POZzJmrnzOGDqfFySp8X.9p5QpcpnJXWHIJvZcFpXQONyNigwrZbhXtyfnFn5F1mJsdkXS3jEF\/::0:99999:7:::\r\nbin:*:16925:0:99999:7:::\r\ndaemon:*:16925:0:99999:7:::\r\nadm:*:16925:0:99999:7:::\r\n***\u7701\u7565\u90e8\u5206\u8f93\u51fa\u4fe1\u606f***\r\n[test@localhost ~]$ cd \/tmp\r\n[test@localhost tmp]$ ll\r\ntotal 0\r\ndrwxr-xr-x. 2 root root 6 Jul 18 03:06 dir\r\n-rw-r--r--. 1 root root 0 Jul 18 03:01 file\r\n[test@localhost tmp]$ rm -rf dir\r\n# \u672a\u4f7f\u7528 sudo \u65f6\uff0ctest \u7528\u6237\u6ca1\u6709\u5220\u9664\u6743\u9650\r\nrm: cannot remove \u2018dir\u2019: Permission denied\r\n[test@localhost tmp]$ rm -rf file \r\n# \u672a\u4f7f\u7528 sudo \u65f6\uff0ctest \u7528\u6237\u6ca1\u6709\u5220\u9664\u6743\u9650\r\nrm: cannot remove \u2018file\u2019: Permission denied\r\n[test@localhost tmp]$ ll\r\ntotal 0\r\ndrwxr-xr-x. 2 root root 6 Jul 18 03:06 dir\r\n-rw-r--r--. 1 root root 0 Jul 18 03:01 file\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"

\u9650\u5236\u7528\u6237\u6267\u884c\u6307\u5b9a\u7684\u547d\u4ee4 \u8bb0\u5f55\u7528\u6237\u6267\u884c\u7684\u6bcf\u4e00\u6761\u547d\u4ee4 \u914d\u7f6e\u6587\u4ef6\uff08\/etc\/sudoers\uff09\u63d0\u4f9b\u96c6\u4e2d\u7684\u7528\u6237\u7ba1\u7406\u3001\u6743\u9650 […]<\/p>\n","protected":false},"author":63,"featured_media":151444,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[55],"tags":[],"class_list":["post-151443","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-thread"],"acf":[],"_links":{"self":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/151443","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/users\/63"}],"replies":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/comments?post=151443"}],"version-history":[{"count":5,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/151443\/revisions"}],"predecessor-version":[{"id":151653,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/151443\/revisions\/151653"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/media\/151444"}],"wp:attachment":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/media?parent=151443"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/categories?post=151443"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/tags?post=151443"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}