- 论坛徽章:
- 0
|
10可用积分
本帖最后由 xjjjk 于 2010-04-21 11:43 编辑
问题:通过aix的扩展acl给kill命令设置了允许一个普通用户执行kill命令,现在使用这个普通用户登录,运行kill -15 uid,提示kill: 450728: Permission denied.
备注:同样的设置在aix 5.1上就没有问题;
1、acledit kill
*
* ACL_type AIXC
*
attributes:
base permissions
owner(bin): r-x
group(bin): r-x
others: r-x
extended permissions
enabled
permit --x u:kuser
已经将这个普通用户加入到bin组
$ ls -el kill
-r-xr-xr-x+ 1 bin bin 7342 Jul 31 2008 kill
2、通过truss kill -15 uid跟踪
$ truss kill -15 450728
execve("/usr/bin/kill", 0x2FF22D20, 0x2000F5B argc: 3
sbrk(0x00000000) = 0x200016A8
vmgetinfo(0x2FF21EE0, 7, 16) = 0
sbrk(0x00000000) = 0x200016A8
sbrk(0x0000000 = 0x200016A8
__libc_sbrk(0x00000000) = 0x200016B0
getuidx(4) = 2111
getuidx(2) = 2111
getuidx(1) = 2111
getgidx(4) = 201
getgidx(2) = 201
getgidx(1) = 201
__loadx(0x01480080, 0x2FF21990, 0x00000960, 0x2FF22410, 0x00000000) = 0xD014B130
__loadx(0x01480180, 0x2FF21990, 0x00000960, 0xF028938C, 0xF02892BC) = 0xF02408D8
__loadx(0x07080000, 0xF028935C, 0xFFFFFFFF, 0xF02408D8, 0x00000000) = 0xF0241808
__loadx(0x07080000, 0xF028929C, 0xFFFFFFFF, 0xF02408D8, 0x00000000) = 0xF0241814
__loadx(0x07080000, 0xF028936C, 0xFFFFFFFF, 0xF02408D8, 0x00000000) = 0xF0241844
__loadx(0x07080000, 0xF02892AC, 0xFFFFFFFF, 0xF02408D8, 0x00000000) = 0xF0241850
__loadx(0x07080000, 0xF028932C, 0xFFFFFFFF, 0xF02408D8, 0x00000000) = 0xF0241820
__loadx(0x07080000, 0xF02892CC, 0xFFFFFFFF, 0xF02408D8, 0x00000000) = 0xF0241838
__loadx(0x07080000, 0xF028933C, 0xFFFFFFFF, 0xF02408D8, 0x00000000) = 0xF024185C
__loadx(0x07080000, 0xF028934C, 0xFFFFFFFF, 0xF02408D8, 0x00000000) = 0xF024188C
__loadx(0x07080000, 0xF02892DC, 0xFFFFFFFF, 0xF02408D8, 0x00000000) = 0xF0241874
__loadx(0x07080000, 0xF02892EC, 0xFFFFFFFF, 0xF02408D8, 0x00000000) = 0xF0241910
getuidx(4) = 2111
getuidx(2) = 2111
getuidx(1) = 2111
getgidx(4) = 201
getgidx(2) = 201
getgidx(1) = 201
__loadx(0x01480080, 0x2FF21990, 0x00000960, 0x2FF22410, 0x00000000) = 0xD014B130
getuidx(4) = 2111
getuidx(2) = 2111
getuidx(1) = 2111
getgidx(4) = 201
getgidx(2) = 201
getgidx(1) = 201
__loadx(0x01480080, 0x2FF21990, 0x00000960, 0x2FF22410, 0x00000000) = 0xD014B130
getuidx(4) = 2111
getuidx(2) = 2111
getuidx(1) = 2111
getgidx(4) = 201
getgidx(2) = 201
getgidx(1) = 201
__loadx(0x01480080, 0x2FF21990, 0x00000960, 0x2FF22410, 0x00000000) = 0xD014B130
getuidx(4) = 2111
getuidx(2) = 2111
getuidx(1) = 2111
getgidx(4) = 201
getgidx(2) = 201
getgidx(1) = 201
__loadx(0x01480080, 0x2FF21990, 0x00000960, 0x2FF22410, 0x00000000) = 0xD014B130
getuidx(4) = 2111
getuidx(2) = 2111
getuidx(1) = 2111
getgidx(4) = 201
getgidx(2) = 201
getgidx(1) = 201
__loadx(0x01480080, 0x2FF21990, 0x00000960, 0x2FF22410, 0x00000000) = 0xD014B130
access("/usr/lib/nls/msg/en_US/kill.cat", 0) = 0
_getpid() = 462994
kill(450728, 15) Err#1 EPERM
open("/usr/lib/nls/msg/en_US/kill.cat", O_RDONLY) = 3
kioctl(3, 22528, 0x00000000, 0x00000000) Err#25 ENOTTY
kfcntl(3, F_SETFD, 0x00000001) = 0
kioctl(3, 22528, 0x00000000, 0x00000000) Err#25 ENOTTY
kread(3, "\0\001 鵟001\001 I S O 8".., 4096) = 543
lseek(3, 0, 1) = 543
lseek(3, 0, 1) = 543
lseek(3, 0, 1) = 543
_getpid() = 462994
lseek(3, 0, 1) = 543
_getpid() = 462994
lseek(3, 0, 1) = 543
kill: kwrite(2, " k i l l : ", 6) = 6
450728kwrite(2, " 4 5 0 7 2 8", 6) = 6
: kwrite(2, " : ", 2) = 2
0509-013 Permission denied.
kwrite(2, " 0 5 0 9 - 0 1 3 P e r".., 2 = 28
kwrite(2, "\n", 1) = 1
kfcntl(1, F_GETFL, 0x2FF22FFC) = 2
kfcntl(2, F_GETFL, 0x00000000) = 2
_exit(2)
$
3、查看/usr/lib/nls/msg/en_US/kill.cat权限
$ ls -al /usr/lib/nls/msg/en_US/kill.cat
-rw-r--r-- 1 bin bin 543 Jul 13 2004 /usr/lib/nls/msg/en_US
/kill.cat
$ |
|
免费注册
发表于 2010-04-21 11:37
