Shulou(Shulou.com)06/01 Report--

This article mainly shows you "what are the skills for the use of sudo on Linux", the content is easy to understand, clear, hope to help you solve your doubts, the following let the editor lead you to study and learn "what are the skills for the use of sudo on Linux" this article.

What many users don't know is that sudo can be used to execute commands as any user, not just the root user. In the hands of experienced administrators, sudo can be used to establish fine-grained permissions to grant users permission to perform some administrative tasks without opening the door wide. Let's take a look at some practices that use sudo to control system access and that users can still maintain efficiency.

Remember, you must use the visudo command to edit the / etc/sudoers file.

It seems tempting and simple to give trusted users full access so that they can execute any command as any user. Please shut out this temptation because you want to limit access to possible limits.

1. Limit account switching: do not configure sudo to allow users to switch to other accounts as long as it is possible. Instead, try configuring sudo to allow users to execute specific commands as the user they need to operate with. For example, users need to install software to allow them to run RPM or APT as root without having to convert to root.

2. Don't use ALL: the most common mistake is to grant ALL permissions-- which means you can access all commands, all users, or any other permission arrangement. Although permission locking is time-consuming and laborious, it is worth the trouble.

3. Split sudoers: if you have many systems to manage and do not want to copy the same / etc/sudoers file to all systems, you can split the sudoers file into pieces and invoke the include file with a specific sudo configuration. For example, if you want to use the same set of instructions when managing Apache and MySQL, you can split out a separate sudo.mysql file and call it from the main sudoers file using the include directive.

4. Make good use of groups: if possible, authorize by group, not by individual user. For example, there is an admin group with administrative privileges to manage packages and updates. In this case, you don't have to edit the sudoers file every time you add or delete a user-- just make sure that the user is properly managed and added / deleted in the admin group.

5. Timeout setting: make sure there is an appropriate timeout setting. If it is too short, users will soon feel discouraged. A good idea is to set it to about 5 minutes.

6. Follow the correct path: lock the path to the binary file by specifying the secure_path instruction in the sudo-- ensuring that the user cannot execute the command outside the secure_path.

7. Log to other files: by default, sudo may log logs in a normal messages log file along with other system messages. This is an acceptable solution for single-user systems such as Ubuntu desktops, but it is not good to do the same for servers. Configure sudo to have its own log file, so that the use of sudo and changes to sudoers are more transparent.

Where can I use sudo?

Yes, sudo is a powerful tool, but it is not easy to configure and difficult to maintain. If experienced administrators use it in a small number of systems, it is a complete way to implement role-based access control. But if it is a larger enterprise with dozens of IT staff and dozens or even hundreds of servers, sudo's permissions will soon be fully exposed. Other tools can be used to support sudo. One way is to use a configuration framework such as Puppet to manage sudo configurations across multiple systems. This can be particularly effective for companies that are primarily based on Linux and Unix, although the Puppet learning curve may be a bit steep.

If an enterprise has deployed Microsoft Active Directory (active Directory) in a network with a mix of Linux and Windows servers, then Likewise Enterprise can also be used to incorporate Linux and Unix systems into Active Directory management. This not only links Linux and Unix logins to the Active Directory trusted network, but also manages the sudo configuration for all servers in the network.

Other tools can be found to help supplement sudo to provide more robust privileged user management. It is important to evaluate the network and determine whether sudo alone can meet the needs. Sudo is often good enough for small businesses-- if you can follow the practice and have a good understanding of sudo configuration. Failing to manage sudo correctly is almost worse than simply sharing root trust, because it provides the wrong sense of security. Know how to use sudo and follow these practices, so you can relax and have a good time.

The above is all the contents of the article "what are the tips for using sudo on Linux". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.