¡¡*Ìܼ¡ [#m091eb98]
´ðËÜÀßÄê †
sudo¤ÎÀßÄê¤Ï /etc/sudoers ¤Ë¤Æ¹Ô¤¦¡£
ľÀÜÊÔ½¸¤â²Äǽ¤À¤¬¡¢¹½Ê¸¥Á¥§¥Ã¥¯¤Ê¤É¤Îµ¡Ç½¤ò»ý¤Ä°Ê²¼¤Î¥³¥Þ¥ó¥É·Ðͳ¤ÇÊÔ½¸¤ò¹Ô¤¦¤³¤È¤ò¿ä¾©¤¹¤ë¡£
visudo
sudo¤ò»ÈÍѤǤ¤ë¥æ¡¼¥¶¤ÎÀ©¸æ †
ÀßÄê¥Õ¥¡¥¤¥ë¤Îmain part°Ê²¼¤Ë³Æ¥æ¡¼¥¶Ëè¤ÎÀßÄê¤òµ½Ò¤¹¤ë¡£
- wheel¥°¥ë¡¼¥×½ê°¥æ¡¼¥¶¤òµö²Ä
°Ê²¼¤Î¹Ô¤Î¥³¥á¥ó¥È¤ò³°¤¹¤Èwheel¥°¥ë¡¼¥×¤Ë½ê°¤¹¤ëÁ´¥æ¡¼¥¶¤Çsudo¤Î¼Â¹Ô¤¬²Äǽ¤È¤Ê¤ë¡£%wheel ALL=(ALL) NOPASSWD: ALL
¥æ¡¼¥¶Ëè¤Ë¼Â¹Ô²Äǽ¤Ê¥³¥Þ¥ó¥É¤òÀ©¸Â¤¹¤ë †
ÀßÄê¥Õ¥¡¥¤¥ë¤Îmain part°Ê²¼¤Ë³Æ¥æ¡¼¥¶Ëè¤ÎÀßÄê¤òµ½Ò¤¹¤ë¡£
½ñ¼°¤Ï°Ê²¼¤È¤Ê¤ë¡£
[USER NAME] [Àܳ¸µ]=([¼Â¹Ô¥æ¡¼¥¶¸¢¸Â]) [¥³¥Þ¥ó¥É1], [¥³¥Þ¥ó¥É2], ...
- Îã
guest¥æ¡¼¥¶¤ËÀܳ¸µÀ©¸Â¤Ê¤·¤Çroot¸¢¸Â¤Ç/etc/init.d/apachectrl¤Î¼Â¹Ô¤òµö²Ä¤¹¤ë¾ì¹ç¤Ï°Ê²¼¤ÈÀßÄꤹ¤ë¡£
guest ALL=(root) /etc/init.d/apachectl
¥Ñ¥¹¥ï¡¼¥É¤Ê¤·¤Î¥³¥Þ¥ó¥É¼Â¹Ô †
NOPASSWD¤Î¥ª¥×¥·¥ç¥ó¤òÀßÄꤹ¤ë¤³¤È¤Ç¡¢¥Ñ¥¹¥ï¡¼¥É¤Ê¤·¤Ç¥³¥Þ¥ó¥É¤Î¼Â¹Ô¤¬²Äǽ¤È¤Ê¤ë¡£
guest ALL=(root) NOPASSWD: /etc/init.d/apachectl
¥¨¥é¡¼Âбþ †
sudo: sorry, you must have a tty to run sudo †
tty¤¬Â¸ºß¤·¤Ê¤¤¾ì¹ç¤ËȯÀ¸¤¹¤ë¥¨¥é¡¼¡£
¥¢¥×¥ê¥±¡¼¥·¥ç¥ó·Ðͳ¤Çsudo¤ò»ÈÍѤ¹¤ë¾ì¹ç¡Êzabbix_agentd¤«¤é¤Îremote commmand¡¢web-console¤«¤é¤Îsudo¤Ê¤É¡Ë¤ËȯÀ¸¤¹¤ë¡£
¥Ç¥Õ¥©¥ë¥ÈÀßÄê¤Ïsudo»ÈÍÑ»þ¤Ëtty¤òÍ׵᤹¤ëÍͤËÀßÄ꤬¤µ¤ì¤Æ¤¤¤ë¤¿¤á¡¢¤³¤ì¤ò¥³¥á¥ó¥È¥¢¥¦¥È¤¹¤ë¤³¤È¤Ç²ò¾Ã¤Ç¤¤ë¡£
¡ÚÊѹ¹Á°¡ÛDefaults requiretty ¡ÚÊѹ¹¸å¡Û# Defaults requiretty
¢¡Ãí°Õ¢¡
±ó³ÖÁàºî¤Ê¤É¤Çsudo¤¬»ÈÍѤǤ¤Æ¤·¤Þ¤¦¤¿¤á¡¢¥»¥¥å¥ê¥Æ¥£¥ê¥¹¥¯¤òÉ餦¤³¤È¤ÏÍý²ò¤·¤ÆÀßÄꤹ¤ë¤³¤È
»²¹Í †
- »ß¤á¤é¤ì¤Ê¤¤UNIX¥µ¡¼¥Ð¤Î¥»¥¥å¥ê¥Æ¥£Âкö Âè5²ó
¥µ¡¼¥Ó¥¹¤ò¥»¥¥å¥¢¤Ë¤¹¤ë¤¿¤á¤ÎÍøÍÑÀ©¸Â¡Ê3¡Ë¡Á´ÉÍý¼Ô¸¢¸Â¤ÎÀ©¸Â¤Î¤¿¤á¤Îsu¤Èsudo¤Î´ðËÜ¡Á
http://www.atmarkit.co.jp/fsecurity/rensai/unix_sec05/unix_sec01.html
Last-modified: 2012-04-08 (Æü) 03:30:23 (4395d)