- File and Directory Permissions
- Context-Based Permissions
- Privilege Escalation
- User Types
This chapter is from the book
This chapter is from the book
This chapter is from the book
Privilege Escalation
The concept behind privilege escalation is that a user may need to be able to execute commands using an account that has more privileges than the user’s account normally has. For example, a regular user may need to execute a command that requires root user access. There are several techniques that can provide privilege access; this subsection covers the techniques that are exam testable.
su
The su command allows a user to shift user accounts:
[student@OCS ~]# id uid=1000(student) gid=1000(student) groups=1000(student) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 [student@localhost ~]# su root Password: [root@OCS ~]# id uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
One option is permitted when executing the su command: the - option. When you execute the su command with the - option, a new login shell will be provided. When you’re not using the - character, a non-login shell will be provided.
sudo
When properly configured by the administrator, users can use the sudo command to run commands as other users (typically as the root user). To execute a command as root, enter the following:
sudo command
You will be prompted for your own password and, if the settings in the /etc/sudoers file are correct, the command will execute correctly. If the settings are not correct, an error message will appear.
The following table describes common options for the sudo command:
|
Option |
Description |
|---|---|
|
-b |
Run the command in the background. |
|
-e |
Run like the sudoedit command. See the “sudoedit” subsection in this chapter. |
|
-l |
List which commands are allowed for this user. |
|
-u user |
Run the command as user rather than as the root user. |
Also see the “visudo” section in this chapter for details regarding the /etc/sudoers file.
wheel
A common method for providing non-root users with root access is to use the wheel group. If enabled in the /etc/sudoers file (normally this line is “commented out”), anyone in the wheel group will have the ability to run any command as the root user via the sudo command:
%wheel ALL=(ALL) ALL
visudo
The /etc/sudoers file is used to determine which users can use the sudo command to execute commands as other users (typically as the root user). To edit this file, you must be logged in as the root user and should use the visudo command rather than edit the file directly.
The following table describes important definitions for the /etc/sudoers file:
|
Option |
Description |
|---|---|
|
User_Alias |
A name that represents a group of users (for example, User_Alias ADMINS = julia, sarah) |
|
Cmnd_Alias |
A name that represents a group of commands (for example, Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/yum). |
The format of an entry for the /etc/sudoers file uses the following syntax:
user machine=commands
To allow the student user the ability to execute the /usr/bin/yum command as the root user, add an entry like the following to the /etc/sudoers file:
student ALL=/usr/bin/yum
To allow all members of ADMINS the ability to execute all of the SOFTWARE command as the root user, add an entry like the following to the /etc/sudoers file:
ADMINS ALL=SOFTWARE
sudoedit
If you want to edit a file using sudo access, consider using the sudeoedit or sudo -e command. Using this feature requires having the ability to edit a file using a command designed to edit files (such as nano, vi, or vim).
Example:
sudoedit file1
Note that the editor that will be chosen depends on variables. The following variables are consulted:
SUDO_EDITOR
VISUAL
EDITOR
If none of these variables is set, then the vi editor is typically the default.