Shulou(Shulou.com)06/01 Report--

This article mainly shows you "how to use sudo commands in the linux system", the content is easy to understand, clear, hope to help you solve your doubts, the following let the editor lead you to study and learn "how to use sudo commands in the linux system" this article.

Using the Sudo command under Linux allows ordinary users to execute some or all of the root commands.

Image-202108262104438021.sudo introduction

Sudo is a commonly used tool under linux that allows ordinary users to use superuser privileges, allowing system administrators to let ordinary users execute some or all of the root commands, such as halt,reboot,su, and so on. This not only reduces the login and management time of root users, but also improves security. Sudo is not a substitute for shell, it is for each command.

Its main characteristics are as follows:

Sudo can restrict users from running certain commands only on a host.

Sudo provides a rich log of what each user does in detail. It can send logs to the central host or log server.

Sudo uses a timestamp file to perform a similar "ticket check" system. When the user calls sudo and enters its password, the user gets a ticket with a lifetime of 5 minutes (this value can be changed at compile time).

The configuration file for sudo is the sudoers file, which allows system administrators to centrally manage the user's permissions and hosts. Its location is / etc/sudoers by default, and the attribute must be 0411.

two。 Configuration file / etc/sudoers

Its main configuration file is usually under sudoers,linux / etc directory, if it is solaris, sudo is not installed by default, it is usually installed in the etc directory of the installation directory after compilation, but no matter where the sudoers file is, sudo provides a command to edit the file: visudo to modify the file. It is highly recommended to use this command to modify sudoers, as it will help you verify that the file configuration is correct, and if not, it will prompt you which section of the configuration is wrong when saving exit.

To get back to the point, here's how to configure sudoers. First, write the default configuration of sudoers:

# sudoers file.## This file MUST be edited with the 'visudo' command as root.## See the sudoers man page for the details on how to write a sudoers file.## Host alias specification# User alias specification# Cmnd alias specification# Defaults specification# User privilege specificationroot ALL= (ALL) ALL# Uncomment to allow people in group wheel to run all commands#% wheel ALL= (ALL) ALL# Same thing without a password#% wheel ALL= (ALL) NOPASSWD: ALL# Samples#% users ALL=/sbin/mount / cdrom / sbin/umount / cdrom#% users localhost=/sbin/shutdown-h now#

\ 1. In the simplest configuration, after the ordinary user support has all the permissions of root to execute visudo, you can see that there is only one configuration by default:

Root ALL= (ALL) ALL

Then you can add another configuration below:

Support ALL= (ALL) ALL

In this way, the ordinary user support will be able to execute all commands with root permissions

After logging in as the support user, execute:

Sudo su-

Then enter the password of the support user, and you can switch to the root user.

\ 2. To allow an ordinary user support to execute some commands that root can execute on only a few servers, you need to configure some Alias first, so it is more convenient to configure permissions below, without having to write a large number of configurations. Alias is mainly divided into four types.

Host_AliasCmnd_AliasUser_AliasRunas_Alias

\ 1) configure Host_Alias: it is a list of hosts

Host_Alias HOST_FLAG = hostname1, hostname2, hostname3

\ 2) configure Cmnd_Alias: is a list of commands that are allowed to be executed

Cmnd_Alias COMMAND_FLAG = command1, command2, command3

\ 3) configure User_Alias: it is a list of users with sudo permissions

User_Alias USER_FLAG = user1, user2, user3

\ 4) configure Runas_Alias: it is a list of the identity in which the user executes (for example, root or oracle)

Runas_Alias RUNAS_FLAG = operator1, operator2, operator3

\ 5) configure permissions

The format for configuring permissions is as follows:

USER_FLAG HOST_FLAG= (RUNAS_FLAG) COMMAND_FLAG

If password authentication is not required, configure it in this format

USER_FLAG HOST_FLAG= (RUNAS_FLAG) NOPASSWD: COMMAND_FLAG

Example configuration:

# sudoers file.## This file MUST be edited with the 'visudo' command as root.## See the sudoers man page for the details on how to write a sudoers file.## Host alias specificationHost_Alias EPG = 192.168.1.1 192.168.1. SQUID# Uncomment to allow people in group wheel to run all commands# User alias specification# Cmnd alias specificationCmnd_Alias SQUID = / opt/vtbin/squid_refresh, / sbin/service, / bin/rm# Defaults specification# User privilege specificationroot ALL= (ALL) ALLsupport EPG= (ALL) NOPASSWD: SQUID# Uncomment to allow people in group wheel to run all commands#% wheel ALL= (ALL) ALL# Same thing without a password#% wheel ALL= (ALL) NOPASSWD: ALL# Samples#% users ALL=/sbin/mount / cdrom / sbin/umount / cdrom#% users localhost=/sbin/shutdown-h now###

The above is all the contents of the article "how to use sudo commands in linux system". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.