Editing permissions
- Grant argor permission to reboot the server
    visudo
    root ALL=(ALL) ALL
    argor ALL=/sbin/shutdown -r now

    root ALL=(ALL) ALL
    argor ALL=/sbin/shutdown -r now,/usr/sbin/init 6
- View the granted permissions
    [argor@argor ~]$ sudo -l
    [sudo] password for argor:
    Matching Defaults entries for argor on argor:
        !visiblepw, always_set_home, match_group_by_gid, always_query_group_plugin, env_reset,
        env_keep="COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS",
        env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE",
        env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES",
        env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE",
        env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY",
        secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

    User argor may run the following commands on argor:
        (root) /sbin/shutdown -r now, /usr/sbin/init 6
SUID
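- Meaning: whoever runs the command executes it with the identity of the file's owner (owning group, ……; the reason the passwd command has it is to handle the /etc/shadow file)
- View an example (the file is shown as white text on a red background)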
    [root@argor argor]# ll /usr/bin/passwd
    -rwsr-xr-x. 1 root root 27856 Apr 1 11:57 /usr/bin/passwd
Grant the suid permission

    [root@argor argor]# chmod u+s /usr/bin/list
    [root@argor argor]# ll /usr/bin/list
    -rwsr-xr-x. 1 root root 26 Jun 1 19:05 /usr/bin/list
Grant permissions in numeric form (the default is 0, i.e. 0755)
    [root@argor argor]# ll /usr/bin/list
    -rwxr-xr-x. 1 root root 26 Jun 1 19:05 /usr/bin/list
    [root@argor argor]# chmod 4755 /usr/bin/list
    [root@argor argor]# ll /usr/bin/list
    -rwsr-xr-x. 1 root root 26 Jun 1 19:05 /usr/bin/list
    [root@argor argor]# chmod 2755 /usr/bin/list
    [root@argor argor]# ll /usr/bin/list
    -rwxr-sr-x. 1 root root 26 Jun 1 19:05 /usr/bin/list
    [root@argor argor]# chmod 1755 /usr/bin/list
    [root@argor argor]# ll /usr/bin/list
    -rwxr-xr-t. 1 root root 26 Jun 1 19:05 /usr/bin/list
    [root@argor argor]# chmod 0755 /usr/bin/list
    [root@argor argor]# ll /usr/bin/list
    -rwxr-xr-x. 1 root root 26 Jun 1 19:05 /usr/bin/list
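The chmod calls above, turned into an audit: this added example (not part of the original notes) decodes the leading octal digit of a file's mode and lists setuid/setgid files that are not on an allowlist. The function names, the fixture file names and the one-path-per-line allowlist file are assumptions constructed for the example; it only touches a temporary directory.

```shell
#!/bin/sh
# Added example: works on a constructed temporary tree, not on /usr/bin.

# special_bits PATH -> prints the special permission bits set on PATH
# (the leading octal digit: 4 = suid, 2 = sgid, 1 = sticky).
special_bits() {
    bits=""
    if [ -n "$(find "$1" -prune -perm -4000)" ]; then bits="$bits suid"; fi
    if [ -n "$(find "$1" -prune -perm -2000)" ]; then bits="$bits sgid"; fi
    if [ -n "$(find "$1" -prune -perm -1000)" ]; then bits="$bits sticky"; fi
    echo "${bits# }"
}

# audit_setid DIR ALLOWLIST -> prints every regular file under DIR that has
# suid or sgid set and is not listed (one full path per line) in ALLOWLIST.
audit_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
        sort | grep -Fxv -f "$2" || true
}

# make_fixture -> builds a throwaway tree that mirrors the chmod calls above
# and prints its path. File names are constructed for this example.
make_fixture() {
    d=$(mktemp -d)
    for name in passwd-like list plain; do
        printf '#!/bin/sh\nls\n' > "$d/$name"
    done
    chmod 4755 "$d/passwd-like"   # -rwsr-xr-x, expected and allowlisted
    chmod 4755 "$d/list"          # -rwsr-xr-x, not allowlisted
    chmod 0755 "$d/plain"         # -rwxr-xr-x, no special bits
    printf '%s\n' "$d/passwd-like" > "$d/allowlist.txt"
    echo "$d"
}

fixture=$(make_fixture)
echo "special bits on list: $(special_bits "$fixture/list")"
echo "unexpected setuid/setgid files:"
audit_setid "$fixture" "$fixture/allowlist.txt"
rm -rf "$fixture"
```

On a real host, point audit_setid at a filesystem root and keep the allowlist under change control, so that a newly setuid file such as the /usr/bin/list shown above stands out.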
sudo