{"id":199,"date":"2012-04-21T16:57:26","date_gmt":"2012-04-21T08:57:26","guid":{"rendered":"http:\/\/www.ipcpu.com\/?p=199"},"modified":"2012-04-21T16:57:26","modified_gmt":"2012-04-21T08:57:26","slug":"linux-root-user","status":"publish","type":"post","link":"https:\/\/c.ipcpu.com\/2012\/04\/linux-root-user\/","title":{"rendered":"Linux\u4e2droot\u6743\u9650\u4e0b\u653e"},"content":{"rendered":"<p>\u4e00\u822c\u6765\u8bf4\uff0croot\u6743\u9650\u662f\u5728\u7cfb\u7edf\u7ba1\u7406\u5458\u624b\u4e2d\uff0c\u4e0d\u80fd\u8f7b\u6613\u5c31\u7ed9\u4e86\u666e\u901a\u7528\u6237\uff0c\u4f46\u662f\u6709\u65f6\u666e\u901a\u7528\u6237\u60f3\u505a\u4e00\u4e9b\u9ad8\u7ea7\u4e00\u70b9\u7684\u64cd\u4f5c\uff0c\u53c8\u5f97\u9ebb\u70e6\u7cfb\u7edf\u7ba1\u7406\u5458\uff0c\u6bd4\u5982\u554a\uff0c\u6539\u4e2a\u7a0b\u5e8f\u6587\u4ef6\u91cd\u542f\u4e2aApache\u7b49\u7b49\u3002<br \/>\n\u4e8e\u662f\u5c31\u6709\u4e86root\u6743\u9650\u7684\u4e0b\u653e\uff0c\u4f7f\u5f97\u666e\u901a\u7528\u6237\u80fd\u591f\u6267\u884croot\u7528\u6237\u624d\u80fd\u6267\u884c\u7684\u547d\u4ee4\u3002<br \/>\n\u5728CentOS\u4e2d\uff0croot\u6743\u9650\u7684\u4e0b\u653e\u53ef\u4ee5\u901a\u8fc7\/etc\/sudoers \u6587\u4ef6\u6765\u5b9e\u73b0\u3002<br \/>\n\u6211\u4eec\u6253\u5f00\u8fd9\u4e2a\u6587\u4ef6\u3002<br \/>\n\u8fd9\u4e2a\u6587\u4ef6\u7684\u5f00\u5934\u5c31\u5199\u660e\u4e86\u8fd9\u4e2a\u6587\u4ef6\u7684\u7528\u9014\uff1a<br \/>\nSudoers allows particular users to run various commands as the root user, without needing the root password.<br \/>\n\u5728\u6587\u4ef6\u7684\u6700\u5e95\u90e8\u7ed9\u51fa\u4e86\u4f7f\u7528\u7684\u683c\u5f0f\u3002<br \/>\n## Allows people in group wheel to run all commands<br \/>\n# %wheel\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ALL=(ALL)\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ALL<br \/>\n## Same thing without a password<br \/>\n# %wheel\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ALL=(ALL)\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 NOPASSWD: ALL<br \/>\n\u8fd9\u91cc\u6709\u56db\u4e2a\u90e8\u5206\uff0c\u7b2c\u4e00\u4e2a%wheel\u8868\u793a\u7684\u662f\u7528\u6237\u7ec4\uff0c\u7b2c\u4e8c\u4e2a\u90e8\u5206ALL\u662f\u4f5c\u7528\u5bf9\u8c61\uff0c\u4e5f\u5c31\u662f\u5728\u54ea\u4e2a\u4e3b\u673a\u4e0a\u6709\u6548\uff0c \u7b2c\u4e09\u90e8\u5206\u662f\u4ee5\u8c01\u7684\u8eab\u4efd\u6765\u8fd0\u884c\uff0c\u7b2c\u56db\u4e2a\u90e8\u5206\u5c31\u662f\u8981\u6267\u884c\u7684\u547d\u4ee4\u4e86\u3002<br \/>\n\u4e3e\u4e2a\u4f8b\u5b50\uff1a\u6211\u4eec\u8981\u5141\u8bb8www\u7ec4\u7684\u7528\u6237\u62e5\u6709\u91cd\u542fapache\u7684\u6743\u5229\uff0c\u6211\u4eec\u5c31\u53ef\u4ee5\u5728\u8fd9\u4e2a\u6587\u4ef6\u5e95\u90e8\u6dfb\u52a0\uff1a<br \/>\n%www? ALL=(root)? \/usr\/sbin\/apachectl -k start<br \/>\nwww? ALL=(root)? \/usr\/sbin\/apachectl -k restart<br \/>\n\u6ce8\u610f\uff1a\u52a0\u4e0a%\u6307\u5b9a\u7684\u662f\u7528\u6237\u7ec4\uff0c\u4e0d\u52a0%\u6307\u5b9a\u7684\u662f\u7528\u6237\u3002\u6267\u884c\u547d\u4ee4\u8fd9\u91cc\u4e00\u5b9a\u8981\u5199\u5b8c\u6574\u8def\u5f84\uff0c\u6bd5\u7adf\u6bcf\u4e2a\u7528\u6237\u7684\u73af\u5883\u53d8\u91cf\u90fd\u4e0d\u4e00\u6837\u3002<br \/>\n\u7136\u540e\u4fdd\u5b58\uff0c\u6ce8\u610f\u4e00\u5b9a\u8981\u5f3a\u5236\u4fdd\u5b58\uff0c\u52a0\u4e0a\u53f9\u53f7\u3002<br \/>\n\u6211\u4eec\u5207\u6362\u5230www\u7528\u6237<br \/>\n[ipcpu@s104 ~]$ sudo \/usr\/sbin\/apachectl -k start<br \/>\nWe trust you have received the usual lecture from the local System<br \/>\nAdministrator. It usually boils down to these three things:<br \/>\n#1) Respect the privacy of others.<br \/>\n#2) Think before you type.<br \/>\n#3) With great power comes great responsibility.<br \/>\nPassword:<br \/>\n[ipcpu@s104 ~]$ netstat -tunlp | grep 80<br \/>\n(No info could be read for \"-p\": geteuid()=500 but you should be root.)<br \/>\ntcp\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0\u00a0\u00a0\u00a0\u00a0\u00a0 0 :::80\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 :::*\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 LISTEN\u00a0\u00a0\u00a0\u00a0\u00a0 -<br \/>\n[ipcpu@s104 ~]$<br \/>\n\u540e\u8bb0\uff1a\u8fd9\u4e2a\u914d\u7f6e\u6587\u4ef6\u7684\u4e2d\u95f4\u90e8\u5206\u7ed9\u51fa\u4e86\u8bb8\u591aAlias\uff0c\u5305\u62ecHost_Alias\uff0c\u8bbe\u5b9a\u4e3b\u673a\u7684\uff0cUser_Alias \u8bbe\u5b9a\u7528\u6237\u7684\uff0cCmnd_Alias\u8bbe\u5b9a\u76f8\u5173\u547d\u4ee4\u7684\uff0c\u5927\u5bb6\u53ef\u4ee5\u81ea\u5df1\u63a2\u7d22\u4e00\u4e0b\u5594\u3002<\/p>\n<p>\u8f6c\u8f7d\u8bf7\u6ce8\u660e\uff1a<a href=\"https:\/\/c.ipcpu.com\">IPCPU-\u7f51\u7edc\u4e4b\u8def<\/a> &raquo; <a href=\"https:\/\/c.ipcpu.com\/2012\/04\/linux-root-user\/\">Linux\u4e2droot\u6743\u9650\u4e0b\u653e<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>\u4e00\u822c\u6765\u8bf4\uff0croot\u6743\u9650\u662f\u5728\u7cfb\u7edf\u7ba1\u7406\u5458\u624b\u4e2d\uff0c\u4e0d\u80fd\u8f7b\u6613\u5c31\u7ed9\u4e86\u666e\u901a\u7528\u6237\uff0c\u4f46\u662f\u6709\u65f6\u666e\u901a\u7528\u6237\u60f3\u505a\u4e00\u4e9b\u9ad8\u7ea7\u4e00\u70b9\u7684\u64cd\u4f5c\uff0c\u53c8\u5f97\u9ebb\u70e6\u7cfb\u7edf\u7ba1\u7406\u5458\uff0c\u6bd4\u5982\u554a\uff0c\u6539\u4e2a\u7a0b\u5e8f\u6587\u4ef6\u91cd\u542f\u4e2aApache\u7b49\u7b49\u3002 \u4e8e\u662f\u5c31\u6709\u4e86root\u6743\u9650\u7684\u4e0b\u653e\uff0c\u4f7f\u5f97\u666e\u901a\u7528\u6237\u80fd\u591f\u6267\u884croot\u7528\u6237\u624d\u80fd\u6267\u884c\u7684\u547d\u4ee4\u3002 \u5728CentOS\u4e2d\uff0croot\u6743\u9650\u7684\u4e0b\u653e\u53ef\u4ee5\u901a\u8fc7\/etc\/sudoers \u6587\u4ef6\u6765\u5b9e\u73b0\u3002 \u6211\u4eec\u6253\u5f00\u8fd9\u4e2a\u6587\u4ef6\u3002 \u8fd9\u4e2a\u6587\u4ef6\u7684\u5f00\u5934\u5c31\u5199\u660e\u4e86\u8fd9\u4e2a\u6587\u4ef6\u7684\u7528\u9014\uff1a Sudoers allows particular users to run various commands as the root user, without needing the root password. \u5728\u6587\u4ef6\u7684\u6700\u5e95\u90e8\u7ed9\u51fa\u4e86\u4f7f\u7528\u7684\u683c\u5f0f\u3002 ## Allows people in group wheel to run all commands # %wheel\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ALL=(ALL)\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ALL ## Same thing without a password # %wheel\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ALL=(ALL)\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 NOPASSWD: ALL \u8fd9\u91cc\u6709\u56db\u4e2a\u90e8\u5206\uff0c\u7b2c\u4e00\u4e2a%wheel\u8868\u793a\u7684\u662f\u7528\u6237\u7ec4\uff0c\u7b2c\u4e8c\u4e2a\u90e8\u5206ALL\u662f\u4f5c\u7528\u5bf9\u8c61\uff0c\u4e5f\u5c31\u662f\u5728\u54ea\u4e2a\u4e3b\u673a\u4e0a\u6709\u6548\uff0c \u7b2c\u4e09\u90e8\u5206\u662f\u4ee5\u8c01\u7684\u8eab\u4efd\u6765\u8fd0\u884c\uff0c\u7b2c\u56db\u4e2a\u90e8\u5206\u5c31\u662f\u8981\u6267\u884c\u7684\u547d\u4ee4\u4e86\u3002 \u4e3e\u4e2a\u4f8b\u5b50\uff1a\u6211\u4eec\u8981\u5141\u8bb8www\u7ec4\u7684\u7528\u6237\u62e5\u6709\u91cd\u542fapache\u7684\u6743\u5229\uff0c\u6211\u4eec\u5c31\u53ef\u4ee5\u5728\u8fd9\u4e2a\u6587\u4ef6\u5e95\u90e8\u6dfb\u52a0\uff1a %www? ALL=(root)? \/usr\/sbin\/apachectl [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[13],"tags":[17,20],"_links":{"self":[{"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/posts\/199"}],"collection":[{"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/comments?post=199"}],"version-history":[{"count":0,"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/posts\/199\/revisions"}],"wp:attachment":[{"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/media?parent=199"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/categories?post=199"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/tags?post=199"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}