Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 3 Rootly Powers. Computer Center, CS, NCTU 2 The Root  Root Root is God, also called super-user. UID is 0  UNIX permits the superuser to perform.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Chapter 3 Rootly Powers. Computer Center, CS, NCTU 2 The Root  Root Root is God, also called super-user. UID is 0  UNIX permits the superuser to perform."— Presentation transcript:

1 Chapter 3 Rootly Powers

2 Computer Center, CS, NCTU 2 The Root  Root Root is God, also called super-user. UID is 0  UNIX permits the superuser to perform any valid operation on any file or process, such as: Changing the root directory of a process with chroot Creating device files (mknod) Setting the system clock Raising anyone’s resource usage limits and process priorities (renice, edquota) Setting the system’s hostname (hostname command) Configuring network interfaces (ifconfig command) Shutting down the system (shutdown command)

3 Computer Center, CS, NCTU 3 Becoming root (1)  Login as root Console login  Allow root login on console but not cross network.  If you don’t want to permit root login in the console ttyv1 "/usr/libexec/getty Pc" cons25 on secure  ttyv1 "/usr/libexec/getty Pc" cons25 on insecure Remote login (login cross network)  sshd: /etc/ssh/sshd_config #PermitRootLogin yes

4 Computer Center, CS, NCTU 4 Becoming root (2)  su : substitute user identity su, su -, su username ※ Environment is unmodified with the exception of USER, HOME, SHELL which will be changed to target user. ※ “su -” will simulate as a full login.  sudo : a limited su Subdivide superuser’s power  Who can execute what command on which host. Each command executed through sudo will be logged Install sudo  /usr/ports/security/sudo Edit /usr/local/etc/sudoers using visudo command  visudo can check mutual exclusive access of sudoers file Sep 22 23:24:19 chbsd sudo: chwong : TTY=ttyp4 ; PWD=/usr/ports ; USER=root ; COMMAND=/usr/bin/make update fetchindex

5 Computer Center, CS, NCTU 5 Becoming root (3) sudoers format  Who can execute what command on which host –The user to whom the line applies –The hosts on which the line should be noted –The commands that the specified users may run –The users as whom they may be executed  Use absolute path Host_AliasBSD=bsd1,bsd2,alumni Host_AliasLINUX=linux1,linux2 Cmnd_AliasDUMP=/usr/sbin/dump, /usr/sbin/restore Cmnd_AliasPRINT=/usr/bin/lpc, /usr/bin/lprm Cmnd_AliasSHELLS=/bin/sh, /bin/tcsh, /bin/csh

6 Computer Center, CS, NCTU 6 Becoming root (4) Host_AliasBSD=bsd1,bsd2,alumni Host_AliasLINUX=linux1,linux2 Cmnd_AliasDUMP=/usr/sbin/dump, /usr/sbin/restore Cmnd_AliasPRINT=/usr/bin/lpc, /usr/bin/lprm Cmnd_AliasSHELLS=/bin/sh, /bin/tcsh, /bin/csh Cmnd_AliasSU=/usr/bin/su User_AliaswwwTA=jnlin, ystseng User_AliasprintTA=thchen, jnlin chwongALL=ALL chiahungALL=(ALL)ALL,!SHELL,!SU printTAcsduty=PRINT wwwTABSD=(nobody)/usr/bin/more %wheelALL=NOPASSWD:/sbin/shutdown

7 Computer Center, CS, NCTU 7 Becoming root (5) % sudo –u nobody more /usr/local/etc/apache/httpd.conf % cp –p /bin/csh /tmp/csh; sudo /tmp/csh

8 Computer Center, CS, NCTU 8 Advantage of sudo  Accountability is much improved because of command logging  Operators can do chores without unlimited root privileges  The real root password can be known to only one or two people  It ’ s faster to use sudo than to run su or login as root  Privileges can be revoked without the need to change the root password  A canonical list of all users with root privileges is maintained  There is less chance of a root shell being left unattended  A single file can be used to control access for an entire network

Download ppt "Chapter 3 Rootly Powers. Computer Center, CS, NCTU 2 The Root  Root Root is God, also called super-user. UID is 0  UNIX permits the superuser to perform."

Similar presentations

CIS 193A – Lesson2CIS 193A - Lesson2 Authorization & Authentication Sudo and PAM.

CIS 193A – Lesson2CIS 193A - Lesson2 Authorization & Authentication Sudo and PAM.
Linux Users and Groups Management

Linux Users and Groups Management
Basic Unix system administration

Basic Unix system administration
2000 Copyrights, Danielle S. Lahmani UNIX Tools G22.2245-001, Fall 2000 Danielle S. Lahmani Lecture 12.

2000 Copyrights, Danielle S. Lahmani UNIX Tools G , Fall 2000 Danielle S. Lahmani Lecture 12.
Homework 5b: Samba. Computer Center, CS, NCTU 2 Network-based File Sharing (1)  NFS (UNIX-based) mountd is responsible for mount request nfsd and nfsiod.

Homework 5b: Samba. Computer Center, CS, NCTU 2 Network-based File Sharing (1)  NFS (UNIX-based) mountd is responsible for mount request nfsd and nfsiod.
1 The Attack and Defense of Computers Dr. 許 富 皓. 2 Passwords in Unix/Linux Systems.

1 The Attack and Defense of Computers Dr. 許 富 皓. 2 Passwords in Unix/Linux Systems.
Chapter 2 Accessing Your System and the Common Desktop Environment.

Chapter 2 Accessing Your System and the Common Desktop Environment.
User Account Management WeeSan Lee. Roadmap Add An Account Delete An Account /etc/{passwd,shadow} /etc/group How To Disable An Account? Root Account Q&A.

User Account Management WeeSan Lee. Roadmap Add An Account Delete An Account /etc/{passwd,shadow} /etc/group How To Disable An Account? Root Account Q&A.
Chapter 6 Adding New Users. Computer Center, CS, NCTU 2 Steps to add a new user 1.Edit the password and group files >vipw 2.Set an initial password >passwd.

Chapter 6 Adding New Users. Computer Center, CS, NCTU 2 Steps to add a new user 1.Edit the password and group files >vipw 2.Set an initial password >passwd.
Sudo Access with Beowulf Clusters Chris Feehan CS Senior Capstone 12/18/06.

Sudo Access with Beowulf Clusters Chris Feehan CS Senior Capstone 12/18/06.
Unix Systems Administration 1Y. K. Chang root: the super user 4 The UNIX semigod who can perform privileged tasks: controlling processes, adding devices,

Unix Systems Administration 1Y. K. Chang root: the super user 4 The UNIX semigod who can perform privileged tasks: controlling processes, adding devices,
Virtual Machine and UNIX. What is a VM? VM stands for Virtual Machine. It is a software emulation of hardware. By using a VM, you can have the same hardware.

Virtual Machine and UNIX. What is a VM? VM stands for Virtual Machine. It is a software emulation of hardware. By using a VM, you can have the same hardware.
Linux Shell. 2 Linux Command-Line Interface ■ Linux shells: A shell is a command interpreter that allows you to type commands from the keyboard to interact.

Linux Shell. 2 Linux Command-Line Interface ■ Linux shells: A shell is a command interpreter that allows you to type commands from the keyboard to interact.
Help session: Unix basics Keith 9/9/2011. Login in Unix lab  User name: ug0xx Password: ece321 (initial)  The password will not be displayed on the.

Help session: Unix basics Keith 9/9/2011. Login in Unix lab  User name: ug0xx Password: ece321 (initial)  The password will not be displayed on the.
Introduction to Unix Administration Objectives –to identify the basic concepts of Unix administration Contents –history of Unix –unix vendors and standards.

Introduction to Unix Administration Objectives –to identify the basic concepts of Unix administration Contents –history of Unix –unix vendors and standards.
Guide to Linux Installation and Administration, 2e1 Chapter 8 Basic Administration Tasks.

Guide to Linux Installation and Administration, 2e1 Chapter 8 Basic Administration Tasks.
Unix System Administration Rootly Powers Chapter 3.

Unix System Administration Rootly Powers Chapter 3.
CIS 191 – Lesson 2 System Administration. CIS 191 – Lesson 2 System Architecture Component Architecture –The OS provides the simple components from which.

CIS 191 – Lesson 2 System Administration. CIS 191 – Lesson 2 System Architecture Component Architecture –The OS provides the simple components from which.
1 Advanced Unix Administrative Tools. 2 VMWare Image Setup We all need to check out the VMWare FC6 image that you’ll be using We all need to check out.

1 Advanced Unix Administrative Tools. 2 VMWare Image Setup We all need to check out the VMWare FC6 image that you’ll be using We all need to check out.
Managing User Accounts. Module 2 – Creating and Managing Users ♦ Overview ► One should log into a Linux system with a valid user name and password granted.

Managing User Accounts. Module 2 – Creating and Managing Users ♦ Overview ► One should log into a Linux system with a valid user name and password granted.

Similar presentations

Ads by Google