
admin bit / super bit: running with elevated privileges on RedHat

Problem:
   Without sudo, and without exposing the root password, obtain the ability to execute commands as root.

Solution:
   The admin bit adds an extra "super" bit alongside the ordinary three permission triplets, marking a file as executable with elevated privileges. A concrete example follows. Note in particular that every command invoked from the script must also be given the bit.

Command: chmod u+s
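As an added illustration (not part of the original post), the following POSIX shell script decodes an octal mode such as the 4755 used later on this page into its special digit and its three rwx triplets, showing that chmod u+s on a 755 file and chmod 4755 are the same thing, and then applies u+s to a throwaway file and confirms with stat that the bit is present. It assumes GNU coreutils (stat -c) and a writable temporary directory; the demo file is constructed here and is not the post's addusers.sh.

```shell
#!/bin/sh
# Added example (not from the original post). Decodes the "super" digit that
# sits in front of the usual three permission digits and checks on disk that
# chmod u+s is the same as that digit being 4.
# Assumes GNU coreutils (stat -c) and a writable temp directory.

# triplet DIGIT: renders one octal permission digit as r/w/x letters.
triplet() {
    d=$1; s=""
    [ $((d & 4)) -ne 0 ] && s="${s}r"
    [ $((d & 2)) -ne 0 ] && s="${s}w"
    [ $((d & 1)) -ne 0 ] && s="${s}x"
    [ -z "$s" ] && s="-"
    printf '%s' "$s"
}

# decode_mode MODE: MODE is an octal mode such as 4755 or 755.
# Prints "special=... user=... group=... other=...", where the special digit
# decodes as 4 = setuid, 2 = setgid, 1 = sticky (the bits may be combined).
decode_mode() {
    mode=$1
    while [ ${#mode} -lt 4 ]; do mode="0$mode"; done   # 755 -> 0755
    special=${mode%???}      # leading digit
    perms=${mode#?}          # remaining three digits
    flags=""
    [ $((special & 4)) -ne 0 ] && flags="${flags}setuid,"
    [ $((special & 2)) -ne 0 ] && flags="${flags}setgid,"
    [ $((special & 1)) -ne 0 ] && flags="${flags}sticky,"
    [ -z "$flags" ] && flags="none,"
    u=${perms%"${perms#?}"}; perms=${perms#?}
    g=${perms%"${perms#?}"}; perms=${perms#?}
    o=$perms
    printf 'special=%s user=%s group=%s other=%s\n' \
        "${flags%,}" "$(triplet "$u")" "$(triplet "$g")" "$(triplet "$o")"
}

# verify_setuid FILE: resets FILE to 755, applies chmod u+s, and returns 0
# only if stat now reports octal mode 4755 and an 's' in the owner-execute slot.
verify_setuid() {
    f=$1
    chmod 755 "$f" && chmod u+s "$f" || return 1
    oct=$(stat -c '%a' "$f")
    sym=$(stat -c '%A' "$f")
    [ "$oct" = "4755" ] && [ "$sym" = "-rwsr-xr-x" ]
}

# Demonstration on a throwaway file (constructed here, not the post's addusers.sh).
demo=$(mktemp)
printf '#!/bin/sh\necho demo\n' > "$demo"
decode_mode 4755
decode_mode 755
if verify_setuid "$demo"; then
    echo "setuid bit set and visible: $(stat -c '%a %A' "$demo")"
fi
rm -f "$demo"
```

The same decoder explains why ls shows the bit inside the owner triplet (rws) even though chmod writes it as a separate leading digit: the kernel stores it as a distinct bit, and the symbolic form simply folds it into the execute position.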

Quoted:

There has always been a void in every newbie's mind when it comes to sticky bits. The books say that the SUID allows an unprivileged user to run executables and scripts with the credentials of the owner of the file. But we all try to implement it and fail as newbies. This HOWTO is dedicated to newbies of sticky bit so that they don't have to waste time in implementing it. The answer is right here.

I am taking an example of a huge organization with 1 Sysadmin who has under him/her a few Assistant Admins. In such cases, the sysadmin cannot be creating users all the time. So, the Assistant Admins do the user creation. But, to create users, the root password needs to be given to them, which is a big headache for the main Sysadmin. So, what does the sysadmin do? He/She will need to do the following :-

1. Login as root.
2. Create a shell script that will create the users specified and set a default password for each of these users
3. Copy this script to the home directory of these assistant admins.
4. Set SUID Sticky bit to the script copied in each of the assistant admins' directories
5. Copy the sysadmin commands that will be used by your script to /bin (because most of the sysadmin commands are in the /usr/sbin directory and unprivileged users' PATH does not point to /usr/sbin)
6. Set SUID to each and every command that you copy into the bin as well (my script uses the useradd, chown and chpasswd commands)

My example shell script that creates users and sets default password for each user is as follows :-
--------------------------------------------------------------------------------------------------------------------------
#!/bin/bash
# Creates a numbered batch of j2eeNNN accounts and gives each the same
# default password via chpasswd. The "login:password" pairs are written to
# usersDDMMYY in the current directory and that file is left behind as a record.
echo -n "enter the starting login id : "
read beg
echo -n "enter the ending login id : "
read final
fend=$(date +"%d%m%y")
i=$beg
rm -f "users$fend"
touch "users$fend"
while [ "$i" -le "$final" ]; do
    # Zero-pad the id to three digits (j2ee001 ... j2ee999);
    # ids of 1000 or more are not handled.
    if [ "$i" -lt 10 ]; then
        name="j2ee00$i"
    elif [ "$i" -lt 100 ]; then
        name="j2ee0$i"
    elif [ "$i" -lt 1000 ]; then
        name="j2ee$i"
    else
        name=""
    fi
    if [ -n "$name" ]; then
        useradd "$name"
        chown -R "$name:$name" "/home/$name"
        echo "$name:elmaqedu" >> "users$fend"
    fi
    i=$((i + 1))
done
chpasswd < "users$fend"

--------------------------------------------------------------------------------------------------------------------------

Save this script as addusers.sh

Copy this script to the directories of each assistant admin. Once you have copied the script, set SUID on this file using the following command :-

chmod 4755 addusers.sh
(or)
chmod u+s addusers.sh

Copy the useradd and chpasswd scripts to /bin and then issue the following commands to set the SUID on these files :-

chmod 4755 /bin/useradd
chmod 4755 /bin/chpasswd
chmod 4755 /bin/chown

THAT'S IT. IT'S ALL DONE. Now, login as any of the assistant admins and execute the addusers.sh script. The unprivileged users will be added to the /etc/passwd file.

EXPLANATION
---------------------
When an unprivileged user logs into Linux, his uid and gid are embedded into his shell. From this point on, any command or script that you run forks a child shell process. Remember, every process runs with the uid and gid of the currently logged on user and hence, unprivileged users cannot write to files like /etc/passwd. Hence, SUID is actually a way in which the sysadmin can create scripts to be run by unprivileged users that still need some root-like access to some system files.

Once the SUID sticky bit is set on an executable created by root, the following happens :-

1. unprivileged user with uid 501 and gid 501 logs on.
2. executes a script which has SUID set.
3. Script creates a child shell process and sets its uid and gid to 0 (the root)
4. Performs all that it needs to do and then exits

If the same unprivileged user tries to run a script without SUID set, the process will run with uid 501 and gid 501 and hence, will not have permissions to perform desired actions on system centric files, even though the sysadmin would want it to.
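Added example, not part of the original post or the quoted HOWTO: the check a defender would run on a host after a procedure like the one above. The Linux kernel does not honour the setuid bit on interpreted (#!) scripts, so a setuid addusers.sh runs as the caller; the procedure takes effect only through the setuid-root copies of useradd, chown and chpasswd in /bin, and a setuid-root file with mode 4755 runs as root for every local account, not just the assistant admins. The script below walks a directory for setuid files, flags #! scripts and root-owned entries, and also shows the real-versus-effective uid distinction the explanation describes. It assumes GNU find and stat; the directory and file names in the demo are constructed.

```shell
#!/bin/sh
# Added example (not from the original post or the quoted HOWTO).
# Assumes GNU find/stat.

# audit_setuid DIR: prints one tab-separated line "path owner flags" for every
# regular file under DIR with the setuid bit set. Flags:
#   SCRIPT      the file starts with "#!": the kernel ignores setuid here and
#               runs the interpreter with the caller's own identity
#   ROOT-OWNED  owned by uid 0: any local user who can execute it runs as root
#   ok          neither of the above
audit_setuid() {
    dir=$1
    find "$dir" -xdev -type f -perm -4000 2>/dev/null | while IFS= read -r path; do
        owner=$(stat -c '%U' "$path")
        uid=$(stat -c '%u' "$path")
        flags=""
        if [ "$(head -c 2 "$path" 2>/dev/null)" = "#!" ]; then
            flags="${flags}SCRIPT,"
        fi
        [ "$uid" -eq 0 ] && flags="${flags}ROOT-OWNED,"
        [ -z "$flags" ] && flags="ok,"
        printf '%s\t%s\t%s\n' "$path" "$owner" "${flags%,}"
    done
}

# effective_vs_real: prints "same" when the process carries the caller's own
# identity and "elevated" when the effective uid differs from the real uid,
# which is what a process started from a setuid-root executable sees
# (id -u reports 0 while id -ru still reports the caller).
effective_vs_real() {
    if [ "$(id -u)" -eq "$(id -ru)" ]; then echo same; else echo elevated; fi
}

# Demonstration on constructed files in a temporary directory.
demo=$(mktemp -d)
printf '#!/bin/sh\nuseradd "$1"\n' > "$demo/addusers.sh"   # setuid script: SCRIPT
chmod 4755 "$demo/addusers.sh"
printf 'binary placeholder\n' > "$demo/helper"             # setuid non-script
chmod 4755 "$demo/helper"
printf '#!/bin/sh\n' > "$demo/plain.sh"                    # no setuid: not listed
chmod 755 "$demo/plain.sh"
audit_setuid "$demo"
effective_vs_real
rm -rf "$demo"
```

On a real host the audit is run as root against / (find needs to read every directory), and every ROOT-OWNED line that is not a distribution-shipped binary such as passwd or su deserves an explanation; a setuid-root chown or chpasswd, in particular, means every account on the machine can rewrite ownership of, or passwords in, any file.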
