我的用户(tom)通过semanage映射到user_u用户,user_r角色和user_t域
[tom@localhost ~]$ id -Z
user_u:user_r:user_t:s0
[tom@localhost ~]$
因为我已将“默认”设置为“user_u”
[tom@localhos ~]$ sudo semanage login -l
Login Name SELinux User MLS/MCS Range Service
__default__ user_u s0 *
root unconfined_u s0-s0:c0.c1023 *
system_u system_u s0-s0:c0.c1023 *
[tom@localhos ~]$
但它仍然可以执行 sudo
[tom@localhost ~]$ sudo -l
Matching Defaults entries for tom on localhost:
User tom may run the following commands on localhost:
(ALL) NOPASSWD: ALL
[tom@localhost ~]$
看来,这是因为 sudoers 中的“%<user tom's group> ALL = (ALL) NOPASSWD:ALL”
[tom@localhost ~]$ sudo cat /etc/sudoers
root ALL = (ALL) NOPASSWD:ALL
%<user tom's group> ALL = (ALL) NOPASSWD:ALL
admin ALL = (ALL) NOPASSWD:ALL
[tom@localhost ~]$
请帮我解决我的问题
答案1
使用sudo visudo并评论有问题的行。就做非常确保有某种方法可以获得这台机器上的 root 权限前您保存更改