{"id":47059,"date":"2023-05-29T09:59:37","date_gmt":"2023-05-29T01:59:37","guid":{"rendered":"http:\/\/lrxjmw.cn\/?p=47059"},"modified":"2023-05-29T09:59:37","modified_gmt":"2023-05-29T01:59:37","slug":"sudo-skills","status":"publish","type":"post","link":"https:\/\/lrxjmw.cn\/sudo-skills.html","title":{"rendered":"Linux\u4e2d\u8bbe\u7f6e’sudo’\u768410\u4e2a\u5c0f\u6280\u5de7"},"content":{"rendered":"\n\n\n
\u5bfc\u8bfb<\/td>\n\u5728Linux\u548c\u5176\u4ed6\u7c7bUnix\u64cd\u4f5c\u7cfb\u7edf\u4e2d\uff0c\u53ea\u6709root\u7528\u6237\u53ef\u4ee5\u8fd0\u884c\u6240\u6709\u547d\u4ee4\u5e76\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u67d0\u4e9b\u5173\u952e\u64cd\u4f5c\uff0c\u5982\u5b89\u88c5\u548c\u66f4\u65b0\uff0c\u5220\u9664\u5305\uff0c\u521b\u5efa\u7528\u6237\u548c\u7ec4\uff0c\u4fee\u6539\u91cd\u8981\u7684\u7cfb\u7edf\u914d\u7f6e\u6587\u4ef6\u7b49\u3002<\/strong>\u7136\u800c\uff0c\u627f\u62c5root\u7528\u6237\u89d2\u8272\u7684\u7cfb\u7edf\u7ba1\u7406\u5458\u53ef\u4ee5\u5141\u8bb8\u5176\u4ed6\u6b63\u5e38\u7cfb\u7edf\u7528\u6237\u5728sudo\u547d\u4ee4\u548c\u51e0\u4e2a\u914d\u7f6e\u7684\u5e2e\u52a9\u4e0b\u8fd0\u884c\u67d0\u4e9b\u547d\u4ee4\u4ee5\u53ca\u6267\u884c\u5305\u62ec\u4e0a\u8ff0\u7684\u4e00\u4e9b\u91cd\u8981\u7cfb\u7edf\u64cd\u4f5c\u3002\u6216\u8005\uff0c\u7cfb\u7edf\u7ba1\u7406\u5458\u53ef\u4ee5\u5171\u4eabroot\u7528\u6237\u5bc6\u7801\uff08\u8fd9\u4e0d\u662f\u63a8\u8350\u7684\u65b9\u6cd5\uff09\uff0c\u4ee5\u4fbf\u6b63\u5e38\u7cfb\u7edf\u7528\u6237\u53ef\u4ee5\u901a\u8fc7su\u547d\u4ee4\u8bbf\u95eeroot\u7528\u6237\u5e10\u6237\u3002<\/strong><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

<\/p>\n

sudo\u5141\u8bb8\u7528\u6237\u4ee5root\u7528\u6237\u8eab\u4efd\uff08\u6216\u53e6\u4e00\u4e2a\u7528\u6237\uff09\u6267\u884c\u5b89\u5168\u7b56\u7565\u6307\u5b9a\u7684\u547d\u4ee4\uff1a\u5b83\u8bfb\u53d6\u5e76\u89e3\u6790\/etc sudoers\uff0c\u67e5\u627e\u8c03\u7528\u7684\u7528\u6237\u53ca\u5176\u6743\u9650\uff0c\u7136\u540e\u63d0\u793a\u8c03\u7528\u7528\u6237\u8f93\u5165\u5bc6\u7801\uff08\u901a\u5e38\u662f\u7528\u6237\u7684\u5bc6\u7801\uff0c\u4f46\u4e5f\u53ef\u4ee5\u662f\u76ee\u6807\u7528\u6237\u7684\u5bc6\u7801\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528NOPASSWD\u53d6\u6d88\u5bc6\u7801\u9a8c\u8bc1\uff09\uff0c\u4e4b\u540e\uff0csudo\u521b\u5efa\u4e00\u4e2a\u5b50\u8fdb\u7a0b\uff0c\u5728\u5176\u4e2d\u8c03\u7528setuid\uff08\uff09\u5207\u6362\u5230\u76ee\u6807\u7528\u6237next\uff0c\u5b83\u6267\u884c\u4e00\u4e2ashell\u6216\u5728\u4e0a\u9762\u7684\u5b50\u8fdb\u7a0b\u4e2d\u4f5c\u4e3a\u53c2\u6570\u7ed9\u51fa\u7684\u547d\u4ee4\u3002
\n\u4ee5\u4e0b\u662f\u5341\u4e2a\/etc\/sudoers\u6587\u4ef6\u914d\u7f6e\uff0c\u4ee5\u4f7f\u7528Defaults\u6761\u76ee\u4fee\u6539sudo\u547d\u4ee4\u7684\u884c\u4e3a\u3002<\/p>\n

sudo cat \/etc\/sudoers | less<\/pre>\n
1.\u8bbe\u7f6e\u5b89\u5168\u8def\u5f84<\/strong><\/div>\n

\u8fd9\u662f\u7528\u4e8e\u6bcf\u4e2a\u4f7f\u7528sudo\u8fd0\u884c\u7684\u547d\u4ee4\u7684\u8def\u5f84\uff0c\u5b83\u6709\u4e24\u4e2a\u91cd\u8981\u6027\uff1a
\n\u5728\u7cfb\u7edf\u7ba1\u7406\u5458\u4e0d\u4fe1\u4efbsudo\u7528\u6237\u5177\u6709\u5b89\u5168\u7684PATH\u73af\u5883\u53d8\u91cf\u65f6\u4f7f\u7528
\n\u8981\u5206\u79bb\u201c\u6839\u8def\u5f84\u201d\u548c\u201c\u7528\u6237\u8def\u5f84\u201d\uff0c\u53ea\u6709\u7531exempt_group\u5b9a\u4e49\u7684\u7528\u6237\u4e0d\u53d7\u6b64\u8bbe\u7f6e\u7684\u5f71\u54cd\u3002
\n\u8981\u8bbe\u7f6e\u5b83\uff0c\u8bf7\u6dfb\u52a0\u884c\uff1a<\/p>\n

Defaults secure_path=\"\/usr\/local\/sbin:\/usr\/local\/bin:\/usr\/sbin:\/usr\/bin:\/sbin:\/bin:\/snap\/bin\"<\/pre>\n
2.\u5728TTY\u7528\u6237\u767b\u5f55\u4f1a\u8bdd\u4e0a\u542f\u7528sudo<\/strong><\/div>\n

\u8981\u542f\u7528\u4ece\u771f\u5b9etty\u8c03\u7528sudo\uff0c\u800c\u4e0d\u662f\u901a\u8fc7cron\u6216cgi-bin\u811a\u672c\u7b49\u65b9\u6cd5\u8c03\u7528\uff0c\u8bf7\u6dfb\u52a0\u4ee5\u4e0b\u884c\uff1a<\/p>\n

Defaults requiretty<\/pre>\n
3.\u8fd0\u884cSudo\u547d\u4ee4\u4f7f\u7528pty<\/strong><\/div>\n

\u6709\u4e9b\u65f6\u5019\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u4f7f\u7528sudo\u8fd0\u884c\u6076\u610f\u7a0b\u5e8f\uff08\u4f8b\u5982\u75c5\u6bd2\u6216\u6076\u610f\u8f6f\u4ef6\uff09\uff0c\u8fd9\u5c06\u518d\u6b21\u5206\u53c9\u4fdd\u7559\u5728\u7528\u6237\u7684\u7ec8\u7aef\u8bbe\u5907\u4e0a\u7684\u540e\u53f0\u8fdb\u7a0b\uff0c\u5373\u4f7f\u5728\u4e3b\u7a0b\u5e8f\u5df2\u7ecf\u5b8c\u6210\u6267\u884c\u65f6\u3002<\/p>\n

\u4e3a\u4e86\u907f\u514d\u8fd9\u79cd\u60c5\u51b5\uff0c\u60a8\u53ef\u4ee5\u5c06sudo\u914d\u7f6e\u4e3a\u4ec5\u4f7f\u7528use_pty\u53c2\u6570\u4ecepsuedo-pty\u8fd0\u200b\u200b\u884c\u5176\u4ed6\u547d\u4ee4\uff0c\u65e0\u8bbaI \/O\u65e5\u5fd7\u662f\u5426\u5df2\u6253\u5f00\uff0c\u5982\u4e0b\u6240\u793a\uff1a<\/p>\n

Defaults use_pty1<\/pre>\n
4.\u521b\u5efaSudo\u65e5\u5fd7\u6587\u4ef6<\/strong><\/div>\n

\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0csudo\u65e5\u5fd7\u901a\u8fc7syslog\uff083\uff09\u3002\u4f46\u662f\uff0c\u8981\u6307\u5b9a\u81ea\u5b9a\u4e49\u65e5\u5fd7\u6587\u4ef6\uff0c\u8bf7\u4f7f\u7528logfile\u53c2\u6570\uff0c\u5982\uff1a<\/p>\n

Defaults logfile=\"\/var\/log\/sudo.log\"<\/pre>\n

\u8981\u5728\u81ea\u5b9a\u4e49\u65e5\u5fd7\u6587\u4ef6\u4e2d\u8bb0\u5f55\u4e3b\u673a\u540d\u548c\u56db\u4f4d\u6570\u5e74\u4efd\uff0c\u8bf7\u5206\u522b\u4f7f\u7528log_host\u548clog_year\u53c2\u6570\uff0c\u5982\u4e0b\u6240\u793a\uff1a<\/p>\n

Defaults log_host, log_year, logfile=\"\/var\/log\/sudo.log\"<\/pre>\n
5.\u8bb0\u5f55Sudo\u547d\u4ee4\u8f93\u5165\/\u8f93\u51fa<\/strong><\/div>\n

log_input\u548clog_output\u53c2\u6570\u5141\u8bb8sudo\u5728\u4f2atty\u4e2d\u8fd0\u884c\u547d\u4ee4\uff0c\u5e76\u8bb0\u5f55\u6240\u6709\u7528\u6237\u8f93\u5165\u548c\u6240\u6709\u8f93\u51fa\u53d1\u9001\u5230\u5c4f\u5e55\u3002<\/p>\n

\u9ed8\u8ba4I \/ O\u65e5\u5fd7\u76ee\u5f55\u4e3a\/var\/log\/sudo-io\uff0c\u5982\u679c\u6709\u4f1a\u8bdd\u5e8f\u5217\u53f7\uff0c\u5219\u5b58\u50a8\u5728\u6b64\u76ee\u5f55\u4e2d\u3002\u60a8\u53ef\u4ee5\u901a\u8fc7iolog_dir\u53c2\u6570\u6307\u5b9a\u81ea\u5b9a\u4e49\u76ee\u5f55\u3002<\/p>\n

Defaults log_input, log_output1<\/pre>\n

\u652f\u6301\u4e00\u4e9b\u8f6c\u4e49\u5e8f\u5217\uff0c\u4f8b\u5982\uff05{seq}\uff0c\u5176\u6269\u5c55\u4e3a\u5355\u8c03\u9012\u589e\u7684\u57fa\u784036\u5e8f\u5217\u53f7\uff0c\u4f8b\u5982000001\uff0c\u5176\u4e2d\u6bcf\u4e24\u4e2a\u6570\u5b57\u7528\u4e8e\u5f62\u6210\u65b0\u7684\u76ee\u5f55\uff0c\u4f8b\u5982\u300200\/00\/01\uff0c\u5982\u4e0b\u4f8b\u6240\u793a\uff1a<\/p>\n

[root@linuxprobe ~]# cd \/var\/log\/sudo-io\/\r\n[root@linuxprobe sudo-io]# ll\r\ntotal 8\r\ndrwx------ 3 root root 4096 Jan 12 18:58 00\r\n-rw------- 1 root root 7 Jan 12 19:08 seq\r\n[root@linuxprobe sudo-io]# cd 00\/00\/06\/\r\n[root@linuxprobe 06]# ls\r\nlog stderr stdin stdout timing ttyin ttyout\r\n[root@linuxprobe 06]# cat log\r\n1484219333:root:root::\/dev\/pts\/0\r\n\/root\r\n\/bin\/bash<\/pre>\n
6.\u8bb2\u89e3\u200b\u200bSudo\u7528\u6237<\/strong><\/div>\n

\u8981\u8bb2\u6388sudo\u7528\u6237\u5173\u4e8e\u7cfb\u7edf\u4e0a\u7684\u5bc6\u7801\u4f7f\u7528\uff0c\u8bf7\u4f7f\u7528\u5982\u4e0b\u6240\u793a\u7684lecture\u53c2\u6570\u3002<\/p>\n

\u5b83\u67093\u4e2a\u53ef\u80fd\u7684\u503c\uff1a<\/p>\n

always - \u603b\u662f\u8bb2\u4e00\u4e2a\u7528\u6237\u3002<\/p>\n

once - \u53ea\u5728\u7528\u6237\u7b2c\u4e00\u6b21\u6267\u884csudo\u547d\u4ee4\u65f6\u4f7f\u7528\uff08\u5f53\u6ca1\u6709\u6307\u5b9a\u503c\u65f6\u4f7f\u7528\uff09<\/p>\n

never - \u4ece\u4e0d\u8bb2\u6388\u7528\u6237\u3002<\/p>\n

Defaults lecture=\"always\"<\/pre>\n

\u6b64\u5916\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528lecture_file\u53c2\u6570\u8bbe\u7f6e\u81ea\u5b9a\u4e49\u8bb2\u4e49\u6587\u4ef6\uff0c\u5728\u6587\u4ef6\u4e2d\u952e\u5165\u76f8\u5e94\u7684\u6d88\u606f\uff1a<\/p>\n

Defaults lecture_file=\"\/path\/to\/file\"<\/pre>\n
7.\u8f93\u5165\u9519\u8bef\u7684sudo\u5bc6\u7801\u65f6\u663e\u793a\u81ea\u5b9a\u4e49\u6d88\u606f<\/strong><\/div>\n

\u5f53\u7528\u6237\u8f93\u5165\u9519\u8bef\u7684\u5bc6\u7801\u65f6\uff0c\u547d\u4ee4\u884c\u4e0a\u5c06\u663e\u793a\u7279\u5b9a\u7684\u6d88\u606f\u3002\u9ed8\u8ba4\u6d88\u606f\u662f\u201csorry\uff0ctry again\u201d\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528badpass_message\u53c2\u6570\u4fee\u6539\u6d88\u606f\uff0c\u5982\u4e0b\u6240\u793a\uff1a
\nDefaults badpass_message=\"Password is wrong, please try again\uff0cthank you\uff01\"<\/p>\n

8.\u589e\u52a0sudo\u5bc6\u7801\u5c1d\u8bd5\u9650\u5236<\/strong><\/div>\n

\u53c2\u6570passwd_tries\u7528\u4e8e\u6307\u5b9a\u7528\u6237\u5c1d\u8bd5\u8f93\u5165\u5bc6\u7801\u7684\u6b21\u6570\u3002 \u9ed8\u8ba4\u503c\u4e3a3\uff1a<\/p>\n

Defaults passwd_tries=5<\/pre>\n
9.\u8ba9Sudo\u8f93\u5165\u9519\u8bef\u7684\u5bc6\u7801\u65f6\u8f93\u5165\u63d0\u793a<\/strong><\/div>\n
Defaults insults<\/pre>\n
10.\u4e86\u89e3\u66f4\u591aSudo\u914d\u7f6e<\/strong><\/div>\n

http:\/\/blog.csdn.net\/wh211212\/article\/details\/52923673<\/strong><\/a><\/p>\n

\n

\u539f\u6587\u6765\u81ea\uff1ahttp:\/\/blog.csdn.net\/wh211212\/article\/details\/54380930<\/a><\/p>\n

\u672c\u6587\u5730\u5740\uff1a http:\/\/lrxjmw.cn\/sudo-skills.html \u200e<\/a>\u7f16\u8f91\uff1a\u738b\u8f89\uff0c\u5ba1\u6838\u5458\uff1a\u5cb3\u6c38<\/span><\/p>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"

\u5bfc\u8bfb \u5728Linux\u548c\u5176\u4ed6\u7c7bUnix\u64cd\u4f5c\u7cfb\u7edf\u4e2d\uff0c\u53ea\u6709root\u7528\u6237\u53ef\u4ee5\u8fd0\u884c\u6240\u6709\u547d\u4ee4\u5e76\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u67d0\u4e9b\u5173\u952e\u64cd\u4f5c\uff0c\u5982\u5b89 […]<\/p>\n","protected":false},"author":63,"featured_media":52181,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[55],"tags":[],"class_list":["post-47059","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-thread"],"acf":[],"_links":{"self":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/47059","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/users\/63"}],"replies":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/comments?post=47059"}],"version-history":[{"count":13,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/47059\/revisions"}],"predecessor-version":[{"id":273606,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/47059\/revisions\/273606"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/media\/52181"}],"wp:attachment":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/media?parent=47059"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/categories?post=47059"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/tags?post=47059"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}