This chapter is from the book

Privilege Escalation

The concept behind privilege escalation is that a user may need to execute commands using an account that has more privileges than the user’s own account normally has. For example, a regular user may need to execute a command that requires root user access. Several techniques can provide privileged access; this subsection covers the ones that are testable on the exam.

su

The su command allows a user to shift user accounts:

[student@OCS ~]$ id
uid=1000(student) gid=1000(student) groups=1000(student)
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[student@OCS ~]$ su root
Password:
[root@OCS ~]# id
uid=0(root) gid=0(root) groups=0(root)
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

One option is permitted when executing the su command: the - option. With the - option, su provides a new login shell; without it, su provides a non-login shell.

sudo

When properly configured by the administrator, users can use the sudo command to run commands as other users (typically as the root user). To execute a command as root, enter the following:

sudo command

You will be prompted for your own password and, if the settings in the /etc/sudoers file are correct, the command will execute correctly. If the settings are not correct, an error message will appear.

The following table describes common options for the sudo command:

Option      Description
-b          Run the command in the background.
-e          Run like the sudoedit command. See the “sudoedit” subsection in this chapter.
-l          List which commands are allowed for this user.
-u user     Run the command as user rather than as the root user.

Also see the “visudo” section in this chapter for details regarding the /etc/sudoers file.

wheel

A common method for providing non-root users with root access is to use the wheel group. If enabled in the /etc/sudoers file (normally this line is “commented out”), anyone in the wheel group will have the ability to run any command as the root user via the sudo command:

%wheel   ALL=(ALL)    ALL

visudo

The /etc/sudoers file is used to determine which users can use the sudo command to execute commands as other users (typically as the root user). To edit this file, you must be logged in as the root user and should use the visudo command rather than edit the file directly.

The following table describes important definitions for the /etc/sudoers file:

Definition    Description
User_Alias    A name that represents a group of users (for example, User_Alias ADMINS = julia, sarah).
Cmnd_Alias    A name that represents a group of commands (for example, Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/yum).

The format of an entry for the /etc/sudoers file uses the following syntax:

user             machine=commands

To allow the student user the ability to execute the /usr/bin/yum command as the root user, add an entry like the following to the /etc/sudoers file:

student        ALL=/usr/bin/yum

To allow all members of ADMINS to execute all of the SOFTWARE commands as the root user, add an entry like the following to the /etc/sudoers file:

ADMINS      ALL=SOFTWARE
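
When reviewing a sudoers file, the useful question is which commands a given account ends up with once aliases and group entries are expanded. The following Python code is an added example, not code from the book, that answers that question for the entries shown in this chapter. It assumes only the subset of syntax covered here (User_Alias, Cmnd_Alias, user and %group entries, one entry per line); the names parse_sudoers and allowed_commands are hypothetical, and the sample text is constructed.

```python
import re

# Constructed sample built from the entries shown in this chapter.
SAMPLE = """\
# %wheel   ALL=(ALL)    ALL
User_Alias ADMINS = julia, sarah
Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/yum
student        ALL=/usr/bin/yum
ADMINS      ALL=SOFTWARE
"""

# Assumption: only the simplified "user machine=commands" form is parsed.
ALIAS_RE = re.compile(r"^(User_Alias|Cmnd_Alias)\s+(\w+)\s*=\s*(.+)$")
RULE_RE = re.compile(r"^(\S+)\s+(\S+)\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")

def _items(text):
    return [item.strip() for item in text.split(",") if item.strip()]

def parse_sudoers(text):
    """Return (user_aliases, cmnd_aliases, rules) for the subset of syntax above."""
    users, cmnds, rules = {}, {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # commented-out lines grant nothing
            continue
        alias = ALIAS_RE.match(line)
        if alias:
            kind, name, members = alias.groups()
            (users if kind == "User_Alias" else cmnds)[name] = _items(members)
            continue
        rule = RULE_RE.match(line)
        if rule:
            who, _machine, _runas, commands = rule.groups()
            rules.append((who, _items(commands)))
    return users, cmnds, rules

def allowed_commands(text, user, groups=()):
    """Commands `user` may run via sudo; contains "ALL" for an unrestricted grant."""
    users, cmnds, rules = parse_sudoers(text)
    granted = set()
    for who, commands in rules:
        matches = (who == user or who == "ALL" or user in users.get(who, [])
                   or (who.startswith("%") and who[1:] in groups))
        if matches:
            for cmd in commands:
                granted.update(cmnds.get(cmd, [cmd]))   # expand Cmnd_Alias names
    return granted
```

A result containing "ALL" marks an account with unrestricted root access, which is the entry to look at first when auditing membership of groups such as wheel.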

sudoedit

If you want to edit a file using sudo access, consider using the sudoedit or sudo -e command. Using this feature requires having the ability to edit a file using a command designed to edit files (such as nano, vi, or vim).

Example:

sudoedit file1

Note that the editor that is chosen depends on environment variables. The following variables are consulted:

  • SUDO_EDITOR

  • VISUAL

  • EDITOR

If none of these variables is set, then the vi editor is typically the default.
