Friday, January 2, 2009

Arbitrary root user shell in Solaris 10

A little-known feature of Solaris 10 is that the root user can be given an arbitrary shell, for example bash, ksh and so on.

This is not news, of course. Still, few people have heard of it.

In short, Solaris 10 has built-in protection for the root shell. If for any reason the root shell set in /etc/passwd cannot be started, /sbin/sh is started instead.

Let's run a small experiment.

Change root's shell to bash:

# usermod -s /bin/bash root
UX: usermod: root is currently logged in, some changes may not take effect until next login.
# init 6
# svc.startd: The system is coming down. Please wait.
svc.startd: 47 system services are now being stopped.
Jan 2 08:01:28 blade syslogd: going down on signal 15
svc.startd: The system is down.
syncing file systems... done
rebooting...
Resetting ...

Sun Blade 100 (UltraSPARC-IIe), No Keyboard
Copyright 2005 Sun Microsystems, Inc. All rights reserved.
OpenBoot 4.17.1, 1152 MB memory installed, Serial #51433606.
Ethernet address 0:3:ba:10:d0:86, Host ID: 8310d086.

Rebooting with command: boot
Boot device: disk File and args:
SunOS Release 5.10 Version Generic_138888-01 64-bit
Copyright 1983-2008 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.
SUNW,eri0 : 100 Mbps full duplex link up
Hostname: blade
/dev/rdsk/c0t0d0s7 is clean
/dev/rdsk/c0t2d0s7 is clean
/dev/rdsk/c0t0d0s5 is clean
Reading ZFS config: done.

blade console login: root
Password:
Jan 2 08:04:52 blade login: ROOT LOGIN /dev/console
Last login: Fri Jan 2 06:33:36 from lmd_client
root @ blade / # reboot -- -s
Jan 2 20:05:04 blade reboot: rebooted by root
syncing file systems... done
rebooting...
Resetting ...

Sun Blade 100 (UltraSPARC-IIe), No Keyboard
Copyright 2005 Sun Microsystems, Inc. All rights reserved.
OpenBoot 4.17.1, 1152 MB memory installed, Serial #51433606.
Ethernet address 0:3:ba:10:d0:86, Host ID: 8310d086.

Rebooting with command: boot -s
Boot device: /pci@1f,0/ide@d/disk@0,0 File and args: -s
SunOS Release 5.10 Version Generic_138888-01 64-bit
Copyright 1983-2008 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.
Booting to milestone "milestone/single-user:default".
Hostname: blade
SUNW,eri0 : 100 Mbps full duplex link up
Requesting System Maintenance Mode
SINGLE USER MODE

Root password for system maintenance (control-d to bypass):
single-user privilege assigned to /dev/console.
Entering System Maintenance Mode

Jan 2 08:07:16 su: 'su root' succeeded for root on /dev/console
root @ blade / # who -r
. run-level S Jan 2 20:07 S 0 0
root @ blade / # logout
svc.startd: Returning to milestone all.
/dev/rdsk/c0t0d0s7 is clean
/dev/rdsk/c0t2d0s7 is clean
/dev/rdsk/c0t0d0s5 is clean
Reading ZFS config: done.

blade console login: root
Password:
Jan 2 08:09:27 blade login: ROOT LOGIN /dev/console
Last login: Fri Jan 2 08:04:51 on console
root @ blade / #

So, no problems at all. In both single-user mode and normal operation we can use bash without restrictions.
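
A pre-reboot check for the change made in the experiment above, added here as an example (it is not part of the original post): it reads root's shell from a passwd file and confirms the binary exists and is executable, so that the /sbin/sh fallback would not be needed. The function names, the optional alternate-root prefix and the treatment of an empty shell field are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage after sourcing this file: check_root_shell /etc/passwd

# root_shell <passwd-file>: print field 7 (login shell) of the root entry.
root_shell() {
    awk -F: '$1 == "root" { print $7; exit }' "$1"
}

# check_root_shell <passwd-file> [prefix]
#   prefix: hypothetical alternate root directory (empty means the live system).
# Prints "ok <shell>" and returns 0 when the configured shell can be started.
# Prints "unusable <reason>" and returns 1 otherwise; per the post, root
# would then be given /sbin/sh instead of the configured shell.
check_root_shell() {
    passwd_file=$1
    prefix=${2:-}
    shell=$(root_shell "$passwd_file")

    # Assumption of this example: an empty field is flagged for review.
    if [ -z "$shell" ]; then
        echo "unusable empty"
        return 1
    fi
    # A login shell must be an absolute path.
    case $shell in
        /*) ;;
        *) echo "unusable not-absolute:$shell"; return 1 ;;
    esac
    # -f follows symlinks, so a link to a real binary passes.
    if [ ! -f "$prefix$shell" ]; then
        echo "unusable missing:$shell"
        return 1
    fi
    if [ ! -x "$prefix$shell" ]; then
        echo "unusable not-executable:$shell"
        return 1
    fi
    echo "ok $shell"
}
```
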