[root@localhost ~]# groupadd bk2304 -g 2000
[root@localhost ~]# tail -1 /etc/group
bk2304:x:2000:
[root@localhost ~]# groupadd bk2305 -g 2001
[root@localhost ~]# tail -1 /etc/group
bk2305:x:20001:
[root@localhost ~]# userdel tom
[root@localhost ~]# useradd tom -u 1500 -g bk2304
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
Creating mailbox file: File exists
[root@localhost ~]# id tom
uid=1500(tom) gid=2000(bk2304) groups=2000(bk2304)
[root@localhost ~]# usermod tom -G bk2305
[root@localhost ~]# id tom
uid=1500(tom) gid=2000(bk2304) groups=2000(bk2304),2001(bk2305)
[root@localhost ~]#
[root@localhost ~]# useradd jerry -u 1501 -g bk2304 -G bk2305
[root@localhost ~]# id jerry
uid=1501(jerry) gid=2000(bk2304) groups=2000(bk2304),2001(bk2305)
[root@localhost ~]#
[root@localhost ~]# passwd jerry
Changing password for user jerry.
New password:
passwd: all authentication tokens updated successfully.
[root@localhost ~]# passwd tom
Changing password for user tom.
New password:
passwd: all authentication tokens updated successfully.
[root@localhost ~]#
[root@localhost ~]# passwd -x 90 tom
Adjusting aging data for user tom.
passwd: Success
[root@localhost ~]# passwd -S tom
tom PS 2023-09-29 0 90 7 -1 (Password set, SHA512 crypt.)
[root@localhost ~]#
密码一般最短有效期3天(本例只用 -x 设置了最长有效期,上面 passwd -S 输出中的最短有效期仍为0)
密码一般最长有效期90天
[root@localhost ~]# passwd -S jerry
jerry PS 2023-09-29 0 99999 7 -1 (Password set, SHA512 crypt.)
[root@localhost ~]# passwd -l jerry
Locking password for user jerry.
passwd: Success
[root@localhost ~]# passwd -S jerry
jerry LK 2023-09-29 0 99999 7 -1 (Password locked.)
[root@localhost ~]#
密码状态:
* LK,密码锁定
* NP,没有密码
* PS,有可用密码
[root@localhost ~]# su wj
[wj@localhost root]$ touch /tmp/wj.txt
[wj@localhost root]$ echo "i live linux" >> /tmp/wj.txt
[wj@localhost root]$ cat /tmp/wj.txt
i live linux
[wj@localhost root]$ /tmp/wj.txt
bash: /tmp/wj.txt: Permission denied
[wj@localhost root]$ ls -l /tmp/wj.txt
-rw-rw-r-- 1 wj wj 13 Sep 29 12:17 /tmp/wj.txt
[wj@localhost root]$
[wj@localhost root]$ ls -l /tmp/wj.txt
-rw-rw-r-- 1 wj wj 13 Sep 29 12:17 /tmp/wj.txt
[wj@localhost root]$ chmod u-r /tmp/wj.txt
[wj@localhost root]$ cat /tmp/wj.txt
cat: /tmp/wj.txt: Permission denied
[wj@localhost root]$ ls -lh /tmp/wj.txt
--w-rw-r-- 1 wj wj 13 Sep 29 12:17 /tmp/wj.txt
[wj@localhost root]$
[wj@localhost root]$ echo "can i do it?" >> /tmp/wj.txt
[wj@localhost root]$ ls -lh /tmp/wj.txt
--w-rw-r-- 1 wj wj 26 Sep 29 12:30 /tmp/wj.txt
[wj@localhost root]$ chmod u-w /tmp/wj.txt
[wj@localhost root]$ echo "can i do" >> /tmp/wj.txt
bash: /tmp/wj.txt: Permission denied
[wj@localhost root]$ ls -lh /tmp/wj.txt
----rw-r-- 1 wj wj 26 Sep 29 12:30 /tmp/wj.txt
[wj@localhost root]$
[wj@localhost root]$ su root
Password:
[root@localhost ~]# mkdir /tmp/rootdir
[root@localhost ~]# ls -ld /tmp/rootdir/
drwxr-xr-x 2 root root 6 Sep 29 12:36 /tmp/rootdir/
5.新建文件/tmp/rootdir/root.txt,并输入内容“this is from root”
[root@localhost rootdir]# echo "this is from root" > /tmp/rootdir/root.txt
[root@localhost rootdir]# ls /tmp/rootdir/
root.txt
[root@localhost rootdir]#
[root@localhost rootdir]# su wj
[wj@localhost rootdir]$ cd /tmp/rootdir/
[wj@localhost rootdir]$ echo "this is from wj" >> wj.txt
bash: wj.txt: Permission denied
[wj@localhost rootdir]$ ls -ld /tmp/rootdir/
drwxr-xr-x 2 root root 22 Sep 29 12:44 /tmp/rootdir/
[wj@localhost rootdir]$
发现操作无法完成,报错信息为权限不允许,查看目录权限可知,其他用户对该目录没有写权限,也就是说,其他用户不能在该目录中,创建、删除文件。
[wj@localhost rootdir]$ su root
Password:
[root@localhost rootdir]# ls -ld /tmp/rootdir/
drwxr-xr-x 2 root root 22 Sep 29 12:44 /tmp/rootdir/
[root@localhost rootdir]# chmod o=--- /tmp/rootdir/
[root@localhost rootdir]# ls -ld /tmp/rootdir/
drwxr-x--- 2 root root 22 Sep 29 12:44 /tmp/rootdir/
[root@localhost rootdir]# su - wj
Last login: Fri Sep 29 12:45:51 CST 2023 on pts/0
[wj@localhost ~]$ cd /tmp/rootdir/
-bash: cd: /tmp/rootdir/: Permission denied
[wj@localhost ~]$ ls -ld /tmp/rootdir/
drwxr-x--- 2 root root 22 Sep 29 12:44 /tmp/rootdir/
[wj@localhost ~]$
查看/tmp/rootdir 目录权限,发现其他用户对该目录的权限为0,没有执行权限,即其他用户不能进入该目录。
[wj@localhost ~]$ su root
Password:
[root@localhost wj]# chmod o=rwx /tmp/rootdir/
[root@localhost wj]# su wj
[wj@localhost ~]$ echo "this is from wj" >> /tmp/rootdir/wj.txt
[wj@localhost ~]$ ls /tmp/rootdir/
root.txt wj.txt
[wj@localhost ~]$ rm -rf /tmp/rootdir/wj.txt
[wj@localhost ~]$ echo "this is from wj" >> /tmp/rootdir/root.txt
bash: /tmp/rootdir/root.txt: Permission denied
[wj@localhost ~]$ rm -rf /tmp/rootdir/root.txt
[wj@localhost ~]$ ls /tmp/rootdir/
[wj@localhost ~]$
[wj@localhost ~]$ mkdir /tmp/wjdir
[wj@localhost ~]$ echo "my name is wj" > /tmp/wjdir/wj.txt
[wj@localhost ~]$ ls /tmp/wjdir/
wj.txt
[wj@localhost ~]$ ls -ld /tmp/wjdir/
drwxrwxr-x 2 wj wj 20 Sep 29 13:04 /tmp/wjdir/
[wj@localhost ~]$
[wj@localhost ~]$ su root
Password:
[root@localhost wj]# chown root /tmp/wjdir/wj.txt
[root@localhost wj]# ls -l /tmp/wjdir/wj.txt
-rw-rw-r-- 1 root wj 14 Sep 29 13:04 /tmp/wjdir/wj.txt
[root@localhost wj]#
[root@localhost wj]# su wj
[wj@localhost ~]$ echo "Can i do it?" >> /tmp/wjdir/wj.txt
[wj@localhost ~]$ cat /tmp/wjdir/wj.txt
my name is wj
Can i do it?
[wj@localhost ~]$
由以上命令结果可知,即使将文件/tmp/wjdir/wj.txt 的所有者修改为root,
wj 用户依然可以向该文件中追加内容,这是为什么呢?注意到,对该文件拥有写权
限的,除了所有者,还有所属组,而wj 用户在所属组wj 中,所以wj 用户依
然对该文件有写权限。
[wj@localhost ~]$ su root
Password:
[root@localhost wj]# chmod g=--- /tmp/wjdir/wj.txt
[root@localhost wj]# ls -l /tmp/wjdir/wj.txt
-rw----r-- 1 root wj 27 Sep 29 13:11 /tmp/wjdir/wj.txt
[root@localhost wj]# su wj
[wj@localhost ~]$ echo "Can i do it" >> /tmp/wjdir/wj.txt
bash: /tmp/wjdir/wj.txt: Permission denied
[wj@localhost ~]$
粘滞位对目录有效,在具备粘滞位旗标的目录中创建的文件,只有所有者能够删除。
切换用户wj,创建文件/tmp/wj.txt。切换用户WJ,创建文件/tmp/WJ.txt。尝试在WJ 用户下删除文件/tmp/wj.txt。
[wj@localhost ~]$ touch /tmp/wj.txt
[wj@localhost ~]$ ls -l /tmp/wj.txt
----rw-r-- 1 wj wj 26 Sep 29 13:28 /tmp/wj.txt
[wj@localhost ~]$ exit
exit
[root@localhost wj]# useradd WJ
[root@localhost wj]# su WJ
[WJ@localhost wj]$ touch /tmp/WJ.txt
[WJ@localhost wj]$ ls -l /tmp/WJ.txt
-rw-rw-r-- 1 WJ WJ 0 Sep 29 13:30 /tmp/WJ.txt
[WJ@localhost wj]$ rm -rf /tmp/wj.txt
rm: cannot remove ‘/tmp/wj.txt’: Operation not permitted
[WJ@localhost wj]$
撤销目录/tmp/ 的粘滞位权限,切换用户wj,尝试删除文件/tmp/WJ.txt。
[root@localhost tmp]# ls -ld /tmp
drwxrwxrwt. 8 root root 151 Oct 6 13:27 /tmp
[root@localhost tmp]# chmod o-t .tmo
chmod: cannot access ‘.tmo’: No such file or directory
[root@localhost tmp]# chmod o-t /tmp
[root@localhost tmp]# ls -ld /tmp
drwxrwxrwx. 8 root root 151 Oct 6 13:27 /tmp
[root@localhost tmp]# su wj
[wj@localhost tmp]$ ls
wj.txt WJ.txt
[wj@localhost tmp]$ rm -rf WJ.txt
[wj@localhost tmp]$ ls
wj.txt
[wj@localhost tmp]$
去掉粘滞位 t 后,发现删除成功,
说明粘滞位的作用是:目录中的文件只有其所有者可以删除。
创建目录/tmp/rootdir/,调整所有人对该目录的权限为7,并给该目录设置sgid 权限。
[wj@localhost ~]$ su root
Password:
[root@localhost wj]# mkdir /tmp/rootdir
mkdir: cannot create directory ‘/tmp/rootdir’: File exists
[root@localhost wj]# ls -ld /tmp/rootdir/
drwxr-xrwx 2 root root 6 Sep 29 12:58 /tmp/rootdir/
[root@localhost wj]# chmod a=rwx /tmp/rootdir/
[root@localhost wj]# chmod g+s /tmp/rootdir/
[root@localhost wj]# ls -ld /tmp/rootdir/
drwxrwsrwx 2 root root 6 Sep 29 12:58 /tmp/rootdir/
[root@localhost wj]#
切换用户ajest,新建文件/tmp/rootdir/ajest.txt。
[root@localhost wj]# su wj
[wj@localhost ~]$ touch /tmp/rootdir/wj.txt
[wj@localhost ~]$ ls -l /tmp/rootdir/wj.txt
-rw-rw-r-- 1 wj root 0 Sep 29 13:58 /tmp/rootdir/wj.txt
[wj@localhost ~]$
可以通过2777 参数设置sgid 特殊权限位
[root@localhost wj]# mkdir /tmp/rootdir
[root@localhost wj]# ls -ld /tmp/rootdir/
drwxrwsrwx 2 root root 20 Sep 29 13:58 /tmp/rootdir/
[root@localhost wj]# chomd 2777 /tmp/rootdir/
[root@localhost wj]# ls -ld /tmp/rootdir/
drwxrwsrwx 2 root root 20 Sep 29 13:58 /tmp/rootdir/
[root@localhost wj]#
特殊权限位SUID,对可执行文件有效。当一个可执行文件具有SUID 标志时,无论哪个用户运行该文件(命令),进程都以该文件所有者的身份(权限)执行。
1.查找find 命令,并赋予其suid 权限。
[root@localhost wj]# which find
/bin/find
[root@localhost wj]# ls -l /usr/bin/find
-rwxr-xr-x. 1 root root 199200 Nov 20 2015 /usr/bin/find
[root@localhost wj]# chmod u+s /usr/bin/find
[root@localhost wj]# ls -l /usr/bin/find
-rwsr-xr-x. 1 root root 199200 Nov 20 2015 /usr/bin/find
[root@localhost wj]#
2.调整目录/tmp/rootdir/ 权限,并创建文件/tmp/rootdir/root.txt。
[root@localhost wj]# chmod g-s /tmp/rootdir/
[root@localhost wj]# ls -ld /tmp/rootdir/
drwxrwxrwx 2 root root 20 Sep 29 13:58 /tmp/rootdir/
[root@localhost wj]# touch /tmp/rootdir/root.txt
[root@localhost wj]#
3.切换用户ajest,在根目录中查找文件root.txt。
root@localhost ~]# su wj
[wj@localhost ~]$ find / -name "root.txt"
find: ‘/run/user/0/gvfs’: Permission denied
/tmp/rootdir/root.txt
[wj@localhost ~]$ exit
logout
[root@localhost ~]# chmod u+s /usr/bin/find
[root@localhost ~]# su wj
[wj@localhost ~]$ find / -name "root.txt"
...
find: ‘/tmp/rootdir’: Permission denied
[wj@localhost ~]$ ls -l /usr/bin/find
-rwxr-xr-x. 1 root root 199200 Nov 20 2015 /usr/bin/find
[wj@localhost ~]$ man find
[wj@localhost ~]$ find / -perm -4000
[wj@localhost ~]$ find /tmp/rootdir/ -exec whoami \;
root
root
root
sudoers 配置
[root@localhost ~]#visudo
1:wj ALL=(ALL, !root) /usr/bin/whoami, /usr/bin/id
试验(注意下面最后一步:`-u#-1` 在本机的 sudo 版本上绕过了 `!root` 的 Runas 否定规则,直接得到 uid=0;sudoers 手册本身也说明 `!` 否定不可靠,应升级 sudo 并改为只列出允许的目标用户,而不是依赖排除 root):
[wj@localhost ~]$ sudo -l
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for wj:
Matching Defaults entries for wj on localhost:
!visiblepw, always_set_home, match_group_by_gid, env_reset,
env_keep="COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS",
env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE",
env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES",
env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE",
env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY",
secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
User wj may run the following commands on localhost:
(ALL, !root) /usr/bin/whoami, /usr/bin/id
[wj@localhost ~]$ sudo -u WJ id
uid=1502(WJ) gid=1502(WJ) groups=1502(WJ)
[wj@localhost ~]$ sudo -u root id
Sorry, user wj is not allowed to execute '/bin/id' as root on localhost.localdomain.
[wj@localhost ~]$ sudo -u#1500 id
uid=1500(tom) gid=2000(bk2304) groups=2000(bk2304),2001(bk2305)
[wj@localhost ~]$ sudo -u#0 id
Sorry, user wj is not allowed to execute '/bin/id' as root on localhost.localdomain.
[wj@localhost ~]$ sudo -u#-1 id
uid=0(root) gid=1000(wj) groups=1000(wj)
[wj@localhost ~]$ id
uid=1000(wj) gid=1000(wj) groups=1000(wj)
[wj@localhost ~]$