Gaining Privileges

Administrator sistem, dan dalam beberapa kasus pengguna, perlu melakukan tugas tertentu dengan akses administratif. Mengakses sistem sebagai pengguna root berpotensi berbahaya dan dapat menyebabkan kerusakan luas pada sistem dan data. Bab ini membahas cara untuk mendapatkan hak administratif menggunakan program setuid seperti su dan sudo. Program-program ini memungkinkan pengguna tertentu untuk melakukan tugas yang biasanya hanya tersedia untuk pengguna root sambil mempertahankan tingkat kontrol dan keamanan sistem yang lebih tinggi.

Lihat Panduan Keamanan Red Hat Enterprise Linux 7 untuk informasi lebih lanjut tentang kontrol administratif, potensi bahaya, dan cara mencegah kehilangan data akibat penggunaan akses istimewa yang tidak semestinya.

Perintah su

Ketika pengguna menjalankan perintah su, mereka akan dimintai kata sandi root dan, setelah otentikasi, diberikan prompt shell root.

Setelah login menggunakan perintah su, pengguna adalah pengguna root dan memiliki akses administratif mutlak ke sistem. Perhatikan bahwa akses ini masih tunduk pada batasan yang diberlakukan oleh SELinux, jika diaktifkan. Selain itu, setelah pengguna menjadi root, mereka dapat menggunakan perintah su untuk berpindah menjadi pengguna lain di sistem tanpa diminta kata sandi.

Karena program ini sangat kuat, administrator dalam suatu organisasi mungkin ingin membatasi siapa yang memiliki akses ke perintah.

Salah satu cara paling sederhana untuk melakukannya adalah dengan menambahkan pengguna ke grup administratif khusus yang disebut wheel. Untuk melakukannya, ketik perintah berikut sebagai root:

~]# usermod -a -G wheel namapengguna

Dalam perintah sebelumnya, gantikan namapengguna dengan nama pengguna yang ingin Anda tambahkan ke grup wheel.

Anda juga bisa memakai alat pengaturan Pengguna untuk mengubah keanggotaan grup, sebagai berikut. Perhatikan bahwa Anda perlu hak administrator untuk melakukan prosedur ini.

  1. Tekan tombol Super untuk masuk ke Ringkasan Aktivitas, ketik Users lalu tekan Enter. Alat pengaturan Pengguna muncul. Tombol Super muncul dalam berbagai samaran, tergantung pada papn ketik dan perangkat keras lainnya, tetapi sering kali sebagai tombol Windows atau Command, dan biasanya di sebelah kiri Spacebar.

  2. Untuk memfungsikan membuat perubahan, klik tombol Buka kunci, dan masukkan kata sandi administrator yang valid.

  3. Klik ikon pengguna di kolom kiri untuk menampilkan properti pengguna di panel sebelah kanan.

  4. Ubah Jenis Akun dari Standar menjadi Administrator. Ini akan menambahkan pengguna ke grup wheel.

Lihat Mengelola Pengguna dalam Lingkungan Grafis untuk informasi lebih lanjut tentang alat Pengguna.

After you add the desired users to the wheel group, it is advisable to only allow these specific users to use the su command. To do this, edit the PAM configuration file for su, /etc/pam.d/su. Open this file in a text editor and uncomment the following line by removing the # character:

#auth           required        pam_wheel.so use_uid

This change means that only members of the administrative group wheel can switch to another user using the su command.

Note

The root user is part of the wheel group by default.

The sudo Command

The sudo command offers another approach to giving users administrative access. When trusted users precede an administrative command with sudo, they are prompted for their own password. Then, when they have been authenticated and assuming that the command is permitted, the administrative command is executed as if they were the root user.

The basic format of the sudo command is as follows:

sudo command

In the above example, command would be replaced by a command normally reserved for the root user, such as mount.

The sudo command allows for a high degree of flexibility. For instance, only users listed in the /etc/sudoers configuration file are allowed to use the sudo command and the command is executed in the user’s shell, not a root shell. This means the root shell can be completely disabled as shown in the Red Hat Enterprise Linux 7 Security Guide.

Each successful authentication using the sudo command is logged to the file /var/log/messages and the command issued along with the issuer’s user name is logged to the file /var/log/secure. If additional logging is required, use the pam_tty_audit module to enable TTY auditing for specified users by adding the following line to your /etc/pam.d/system-auth file:

session required pam_tty_audit.so disable=pattern enable=pattern

where pattern represents a comma-separated listing of users with an optional use of globs. For example, the following configuration will enable TTY auditing for the root user and disable it for all other users:

session required pam_tty_audit.so disable=* enable=root

Another advantage of the sudo command is that an administrator can allow different users access to specific commands based on their needs.

Administrators wanting to edit the sudo configuration file, /etc/sudoers, should use the visudo command.

To give someone full administrative privileges, type visudo and add a line similar to the following in the user privilege specification section:

juan ALL=(ALL) ALL

This example states that the user, juan, can use sudo from any host and execute any command.

The example below illustrates the granularity possible when configuring sudo:

%users localhost=/sbin/shutdown -h now

This example states that any member of the users system group can issue the command /sbin/shutdown -h now as long as it is issued from the console.

The man page for sudoers has a detailed listing of options for this file.

Important

There are several potential risks to keep in mind when using the sudo command. You can avoid them by editing the /etc/sudoers configuration file using visudo as described above. Leaving the /etc/sudoers file in its default state gives every user in the wheel group unlimited root access.

  • By default, sudo stores the sudoer’s password for a five minute timeout period. Any subsequent uses of the command during this period will not prompt the user for a password. This could be exploited by an attacker if the user leaves their workstation unattended and unlocked while still being logged in. This behavior can be changed by adding the following line to the /etc/sudoers file:

    Defaults    timestamp_timeout=value

    where value is the desired timeout length in minutes. Setting the value to 0 causes sudo to require a password every time.

  • If a sudoer’s account is compromised, an attacker can use sudo to open a new shell with administrative privileges:

    sudo /bin/bash

    Opening a new shell as root in this or similar fashion gives the attacker administrative access for a theoretically unlimited amount of time, bypassing the timeout period specified in the /etc/sudoers file and never requiring the attacker to input a password for sudo again until the newly opened session is closed.

Sumber Daya Tambahan

While programs allowing users to gain administrative privileges are a potential security risk, security itself is beyond the scope of this particular book. You should therefore refer to the resources listed below for more information regarding security and privileged access.

Installed Documentation

  • su(1) — The manual page for su provides information regarding the options available with this command.

  • sudo(8) — The manual page for sudo includes a detailed description of this command and lists options available for customizing its behavior.

  • pam(8) — The manual page describing the use of Pluggable Authentication Modules (PAM) for Linux.

Online Documentation
See Also

  • Managing Users and Groups documents how to manage system users and groups in the graphical user interface and on the command line.