linux软件以超级用户执行,linux普通用户程序以root权限运行并且不用输入密码

查看原文:http://blog.chinaunix.net/uid-12078489-id-2960259.html

On Fedora Core 8 the normal user that has no root privilege can "shutdown","poweroff" or "reboot". So, we can take this as an example to let other program running with the power of root.

The original content of /usr/bin/system-config-date(only the root can rejust the date and time) & /usr/bin/poweroff (anyone can poweroff).

[yufei@localhost ~]$ ll /usr/bin/poweroff

lrwxrwxrwx 1 root root 13 2007-11-28 05:41 /usr/bin/poweroff -> consolehelper

[yufei@localhost ~]$ ll /usr/bin/system-config-date

lrwxrwxrwx 1 root root 13 2007-11-28 06:06 /usr/bin/system-config-date -> consolehelper

[root@localhost]~# cat /etc/security/console.apps/poweroff

FALLBACK=true

[root@localhost]~# cat /etc/security/console.apps/system-config-date

USER=root

PROGRAM=/usr/share/system-config-date/system-config-date.py

SESSION=true

[root@localhost]~# cat /etc/pam.d/poweroff

#%PAM-1.0

auth       sufficient   pam_rootok.so

auth       required     pam_console.so

#auth       include     system-auth

account    required     pam_permit.so

[root@localhost]~# cat /etc/pam.d/system-config-date

#%PAM-1.0

auth            include         config-util

account         include         config-util

session         include         config-util

Now, we give "system-config-date" the power of root.

Firstly, we backup the system-config-date:

[root@localhost]~# cp /etc/pam.d/system-config-date /root/

[root@localhost]~# cp /etc/security/console.apps/system-config-date /root/system-config-date2

Ok, now we copy the "power" of /usr/bin/poweroff to /usr/bin/system-config-date

[root@localhost]~# cp /etc/pam.d/poweroff /etc/pam.d/system-config-date

[root@localhost]~# cp /etc/security/console.apps/poweroff/etc/security/console.apps/system-config-date

Check the content of configure files:

[root@localhost]~# cat /etc/pam.d/system-config-date

#%PAM-1.0

auth       sufficient   pam_rootok.so

auth       required     pam_console.so

#auth       include     system-auth

account    required     pam_permit.so

[root@localhost]~# cat /etc/security/console.apps/system-config-date

FALLBACK=true

Try to launch the /usr/bin/system-config-date use a normal user(yufei):

[yufei@localhost ~]$ system-config-date

Failed, Because the location of system-config-date is NULL. Add it:

[root@localhost]~# vim /etc/security/console.apps/system-config-date

[yufei@localhost ~]$ cat /etc/security/console.apps/system-config-date

FALLBACK=true

PROGRAM=/usr/share/system-config-date/system-config-date.py

Try again:

[yufei@localhost ~]$ system-config-date

No protocol specified

Text mode interface is deprecate

We can use "/usr/bin/system-config-date" without the root's password now. But, this is only text mode.

Now we add(append) the following lines to /etc/pam.d/system-config-date

[root@localhost]~# vim /etc/pam.d/system-config-date

[yufei@localhost ~]$ cat /etc/pam.d/system-config-date

#%PAM-1.0

auth       sufficient   pam_rootok.so

auth       required     pam_console.so

#auth       include     system-auth

account    required     pam_permit.so

session         include         config-util

auth            include         config-util

account         include         config-util

The result is: with the following lines, you have to input the password of root. So we edit out them and Try again.

auth            include         config-util

auth       include     system-auth

[root@localhost]~# vim /etc/pam.d/system-config-date

[yufei@localhost ~]$ cat /etc/pam.d/system-config-date

#%PAM-1.0

auth       sufficient   pam_rootok.so

auth       required     pam_console.so

#auth       include     system-auth

account    required     pam_permit.so

session         include         config-util

#auth            include         config-util

#account         include         config-util

Try to re-start the /usr/bin/system-config-date

[yufei@localhost ~]$ system-config-date

No protocol specified

Text mode interface is deprecated

Still no GUI.

Now add the following line to /etc/security/console.apps/system-config-date:

SESSION=true

[root@localhost]~# vim /etc/security/console.apps/system-config-date

[yufei@localhost ~]$ cat /etc/security/console.apps/system-config-date

FALLBACK=true

PROGRAM=/usr/share/system-config-date/system-config-date.py

SESSION=true

Try again. Ok, it start successfully without root's password.

EXTR: the final contents of the 2 above configure files of "system-config-date":[root@localhost]~# cat /etc/security/console.apps/system-config-date

FALLBACK=true

PROGRAM=/usr/share/system-config-date/system-config-date.py

SESSION=true

[root@localhost]~# cat /etc/pam.d/system-config-date

#%PAM-1.0

auth       sufficient   pam_rootok.so

auth       required     pam_console.so

#auth       include     system-auth

account    required     pam_permit.so

session         include         config-util

#auth            include         config-util

#account         include         config-util

[root@localhost]~#

  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值