µ±Ç°Î»ÖãºLinux½Ì³Ì - Linux×ÛºÏ - Óû§¹ÜÀí(ÏÂ)

Óû§¹ÜÀí(ÏÂ)

¡¡¡¡±¾ÎÄÇ°Ò»²¿·Ö½éÉÜÁËÓû§¹ÜÀí»ù±¾²Ù×÷µÄÄÚÈÝ£¬ÏÂÃæÎÒÃÇÒ»ÆðÀ´¼ÌÐø̽ÌÖÓйØÓû§¹ÜÀíµÄ¸ß¼¶ÄÚÈÝ¡£ ¡ô³¬¼¶Óû§È¨ÏÞÓëÊÚȨ ¡ñ½¨Á¢¶à¸ö³¬¼¶Óû§ ²»ÉÙÐÂϵͳ¹ÜÀíÔ±ÈÏΪrootÓû§ÊÇΨһµÄ³¬¼¶Óû§£¬ÆäʵrootÖ»ÊÇϵͳĬÈϵij¬¼¶Óû§µÄÃû³Æ£¬root²¢·ÇÒòΪËü½Ðroot¶ø³ÉΪ³¬¼¶Óû§µÄ¡£Ëæ±ã´ò¿ªÒ»¸ö/etc/passwdÎļþµÄÀý×Ó£¬Äã¾Í»á·¢ÏÖÈçϼ¸ÐУº root:asiewhgYfaoO/J:0:0:root:/root:/bin/tcsh bin:*:1:1:bin:/bin: daemon:*:2:2:daemon:/sbin: lanf:Yuao56Ioyefg:0:0:bluewind:/home/bluewind:/bin/bash jake:gUyfaiIodashfj:501:501:jake cheng:/home/jake:/bin/tcsh apache:!!:502:502::/usr/local/apache:/bin/false ¿ÉÒÔ¿´µ½£¬rootµÄUIDºÍGID¶¼±»ÉèÖÃΪ0ÁË¡£Êµ¼ÊÉÏ£¬³¬¼¶Óû§µÄ³äÒªÌõ¼þ¾ÍÊÇUIDºÍGID¶¼µÈÓÚ0¡£Ò²¾ÍÊÇ˵£¬ÈκÎÓû§£¬Ö»ÒªËüµÄUIDºÍGID¶¼Îª0£¬¾ÍÓë³£±»³ÆΪroot³¬¼¶Óû§Ã»ÓÐʲôÁ½ÑùÁË¡£±ÈÈçÉÏÃæÄǸöÀý×ÓÀïÃæµÄlanf£¬Ò²ÊÇÒ»¸ö³¬¼¶Óû§¡£ ËùÒÔ£¬¿ÉÒÔ½«ÈκÎÆÕͨÓû§±ä³É³¬¼¶Óû§¡£µ«ÊÇ£¬ÕâÑù×ö²¢Ã»Óкô¦£¬ºÜ¶àʱºòÕⶼ»áÔö¼ÓϵͳµÄÒþ»¼¡£³ý·ÇÔÚ×éÖ¯ÖÐÐèÒª¶à¸öϵͳ¹ÜÀíÔ±¹ÜÀíͬһ¸öϵͳ£¬Õâ¾ÍÐèÒªÓжà¸ö³¬¼¶Óû§Õʺš£ÕâÓÐÀûÓÚ¸÷¸ö¹ÜÀíÔ±Ã÷È·ÔðÈΣ¬Í¨¹ýÈÕÖ¾ÖªµÀ²»Í¬µÄÈË·Ö±ð×ö¹ýʲôÊ¡£ »¹ÓÐÒ»ÖÖÇé¿ö£¬Ò²¿ÉÄܳöÏÖ¶à¸ö³¬¼¶Óû§Õʺţ¬ÄǾÍÊǺڿÍÈëÇÖºóÉèÖÃÒ»¸ö¿´ÆðÀ´ÏóÆÕͨÕʺŵÄÓû§£¬È´ÐÞ¸ÄÁËUIDºÍGIDʹ֮Ϊ0¡£ÕâÑù¸ù±¾¾Í²»ÐèÒªÖªµÀ rootÓû§ÃÜÂ룬¾Í¿ÉÒÔÖ´Ðг¬¼¶Óû§È¨ÏÞÁË¡£¶ø´ÓÎÒÃǵÄϵͳ¹ÜÀíÔ±µÄÒ»·½À´Ëµ£¬ÎÒÃDz»¿ÉÄÜʱ¿Ì×¢ÒâpasswdÎļþµÄ±ä»¯µÄ£¬Ã»ÓÐÄǸöʱ¼äҲûÓÐÄǸö¾«Á¦¡£ÕâʱֻºÃ±àдһ¸ö½Å±¾À´°ïÖú¼àÊÓ£¬ÀýÈ磺 /bin/grep ¡®0:0¡¯ /etc/passwd awk ¡®BEGIN{FS=¡±:¡±}{print $1}¡¯mail ¨Cs ¡°`date +¡±%D%T¡±`¡±root ÕâÊÇÒ»¸öºÜСµÄ½Å±¾³ÌÐò£¬Ê¹ÓÃÁËһЩ³£¹æµÄÃüÁîÀ´²é¿´/etc/passwdÎļþ£¬°ÑUIDºÍGIDΪ0µÄÐмĸørootÓû§¡£°ÑÕâ¸ö½Å±¾·ÅÔÚ/etc/cron.dailyÎļþÖÐÈÃcronÔËÐУ¬root½«Ã¿ÌìÊÕµ½Ò»·âÐÅ£¬±¨¸æµ±Ç°µÄ³¬¼¶Óû§¡£ ʵ¼ÊÉÏ£¬ÓÉÓÚPAM£¨¿É²åÈëÑé֤ģ¿é£©µÄÏÞÖÆ£¬ÔÚtelnetÉÏÊDz»ÔÊÐí³¬¼¶Óû§µÇÈëµÄ£¬Ò²¾ÍÊÇ˵£¬ºÚ¿ÍÐÞ¸ÄÁË×Ô¼ºµÄUIDºÍGIDºó£¬ÏëÔٴεǽ´Ó¶ø»ñµÃ³¬¼¶Óû§µÄȨÏ޵Ļ°£¬²»ÐÞ¸Ä/etc/seurettyÎļþÊDz»¿ÉÄܵġª¡ª³ý·ÇÄãɵµ½×Ô¼ºÌí¼ÓÁËαTTYÉ豸ROOTÓû§µÇ½ȨÏÞ¡£Ò»°ã¿ÉÒÔÈ󬼶Óû§ÏÈÓÃÆÕͨÓû§Õʺŵǽ£¬ÔÙsu£¨suÃüÁîÏà¹ØÄÚÈÝÇë²Î¿¼±¾Õ¾ÃüÁî²éѯ²¿·Ö£©¡£ ¡ñΪÆÕͨÓû§·ÖÅäÌØȨ ʹÓÃsudo ÃüÁî¿ÉÒÔÔÊÐíÆÕͨÓû§Ö´Ðг¬¼¶Óû§²ÅÄÜÖ´ÐеÄÃüÁî¡£ÎÞÂÛÊÇ»ùÓÚÐÅÈεĽ¨Á¢ÐèҪʱ¼ä£¬»¹ÊÇ»ùÓÚÊÇ·ñ´æÔÚÕâÖÖ±ØÒª£¬ÎÒÃǶ¼²»»á°Ñ³¬¼¶Óû§µÄËùÓÐȨÏÞÇáÒ×ÐíÈ˵ġ£ÕâÊÇÍø¹Ü¹¤×÷µÄÔ­Ôò¡£ËùÒÔ£¬µ±Ò»Ð©Óû§±ØÐë·ÃÎÊijЩÄÚÈÝʱ£¬ÎÒÃÇ¿ÉÒÔÅäÖÃsudoÒÔÔÊÐíµ¥¶ÀµÄÆÕͨÓû§ÔËÐÐÌØȨÃüÁî¡£ sudoÃüÁîÔÊÐíÒѾ­ÔÚ/etc/sudoersÎļþÖÐÖ¸¶¨µÄÓû§ÔËÐг¬¼¶Óû§ÃüÁî¡£ÀýÈ磬һ¸öÒѾ­»ñµÃÐí¿ÉµÄÆÕͨÓû§¿ÉÒÔÔËÐУº sudo vi /etc/passwd ʵ¼ÊÉÏ£¬sudoµÄÅäÖÃÍêÈ«¿ÉÒÔÈÃÎÒÃÇÖ¸¶¨Ä³¸öÁÐÈë/etc/sudoersÎļþµÄÆÕͨÓû§¿ÉÒÔ×öʲô¡¢²»¿ÉÒÔ×öʲô¡£/etc/sudoersµÄÅäÖÃÐÐÈçÏ£º > ¿ÕÐлò×¢ÊÍÐУ¨ÒÔ#×Ö·û´òÍ·£©£ºÎÞÓÃÐС£ > ¿ÉÑ¡µÄÖ÷»ú±ðÃûÐУºÓÃÀ´´´½¨Ö÷»úÁбíµÄ¼ò³Æ¡£±ØÐëÒÔHost_Alias¹Ø¼ü´Ê¿ªÍ·£¬ÁбíÖеÄÖ÷»ú±ØÐëÓöººÅ¸ô¿ª¡£ÀýÈ磺 Host_Alias REDHAT=binbu,qd ÆäÖÐbinbuºÍqdÊÇÁ©Ö÷»úÃû£¬Äã¿ÉÒÔÓÃREDHAT£¨±ðÃû£©Í³³ÆËüÃÇ¡£ >¿ÉÑ¡µÄÓû§±ðÃûÐУºÓÃÀ´´´½¨Óû§ÁбíµÄ¼ò³Æ¡£Óû§±ðÃûÐбØÐëÒÔUser_Alias¹Ø¼ü´Ê¿ªÍ·£¬ÁбíÖеÄÓû§Ãû±ØÐëÒÔ¶ººÅ¸ô¿ª¡£Æä¸ñʽͬÖ÷»ú±ðÃûÐС£ >¿ÉÑ¡µÄÃüÁî±ðÃûÐУºÓÃÀ´´´½¨ÃüÁîÁбíµÄ¼ò³Æ¡£±ØÐëÒÔCmnd_alias¿ªÍ·£¬ÁбíÖеÄÃüÁî±ØÐëÓöººÅ¸ô¿ª¡£ >¿ÉÑ¡µÄÔËÐз½Ê½±ðÃûÐУºÒ²ÊÇÓÃÀ´´´½¨Óû§ÁбíµÄ¼ò³Æ¡£²»Í¬µÄÊÇ£¬Ê¹ÓÃÕâÑùµÄ±ðÃû¿ÉÒÔ¸æËßsudo³ÌÐòÒÔÁбíÖÐijһÓû§µÄÉí·ÝÀ´ÔËÐгÌÐò¡£ >±ØÒªµÄÓû§·ÃÎÊ˵Ã÷ÐУºÓû§·ÃÎʵÄ˵Ã÷Óï·¨ÈçÏ£º user host= [run as user ] command list ÔÚuser´¦Ö¸¶¨Ò»¸öÕæÕýµÄÓû§Ãû»ò¶¨Òå¹ýµÄ±ðÃû£¬Í¬ÑùµÄ£¬hostÒ²¿ÉÒÔÊÇÒ»¸öÕæÕýµÄÖ÷»úÃû»òÕ߶¨Òå¹ýµÄÖ÷»ú±ðÃû¡£Ä¬ÈÏÇé¿öÏ£¬sudoÖ´ÐеÄËùÓÐÃüÁÊÇÒÔrootÉí·ÝÖ´ÐС£Èç¹ûÄãÏëʹÓÃÆäËûÉí·Ý¿ÉÒÔÖ¸¶¨¡£ÖÁÓÚcommand list¿ÉÒÔÊÇÒÔ¶ººÅ·Ö¸ôµÄÃüÁîÁÐ±í£¬Ò²¿ÉÒÔÊÇÒ»¸öÒѾ­¶¨Òå¹ýµÄ±ðÃû¡£ÀýÈ磺 lanf binbu=/sbin/shutdown ÕâÒ»¾ä˵Ã÷lanf¿ÉÒÔÔÚbinbuÖ÷»úÉÏÔËÐйػúÃüÁî¡£ ×¢Ò⣺ 1¡¢¿ÉÒÔÔÚÒ»Ðж¨Òå¶à¸ö±ðÃû£¬ÖмäÓ㺸ô¿ª¡£ 2¡¢¿ÉÒÔÔÚÃüÁî»òÃüÁî±ðÃû֮ǰ¼ÓÉÏ£¡ºÅ£¬Ê¹¸ÃÃüÁî»òÃüÁî±ðÃûÎÞЧ¡£ 3¡¢ÓÐÁ½¸ö¹Ø¼ü´Ê£ºALL ºÍNOPASSWD¡£ALLÒâζ×Å¡°ËùÓÐÎļþ¡±£¨ËùÓÐÖ÷»ú»òËùÓÐÃüÁ£¬NOPASSWDÒâζ×Ų»ÓÃÃÜÂë¡£ ÏÂÃæÊÇÒ»¸ösudoersÎļþµÄÀý×Ó£º #sudoers files #User alias specification
[1] [2] ÏÂÒ»Ò³ 

User_Alias ADMIN=yourid:POWERUSER=hisid,herid #user privilege specification ADMIN ALL=ALL POWERUSER ALL=ALL,!/bin/su µÚÈýÐж¨ÒåÁËÁ½¸ö±ðÃûADMINºÍPOWERUSER£¬µÚÎåÐÐ˵Ã÷ÔÚËùÓÐÖ÷»úÉÏADMIN¶¼¿ÉÒÔÒÔrootÉí·ÝÖ´ÐÐËùÓÐÃüÁî¡£µÚÁùÐиøPOWERUSER³ýÁËÔËÐÐsuÃüÁîÍâͬµÈADMINµÄȨÏÞ¡£

£¨³ö´¦£ºhttp://www.sheup.com£©


ÉÏÒ»Ò³ [1] [2]