Shulou(Shulou.com)06/02 Report--

In this article, the editor introduces in detail "how to use the sudo command under linux". The content is detailed, the steps are clear, and the details are handled properly. I hope that this article "how to use the sudo command under linux" can help you solve your doubts.

Sudo is a commonly used tool under linux that allows ordinary users to use superuser privileges, allowing system administrators to let ordinary users execute some or all of the root commands, such as halt,reboot,su, and so on. This not only reduces the login and management time of root users, but also improves security.

Matters needing attention in directly modifying / etc/sudoers files

1. It is best to use echo > > append when operating, but cat sed can also be implemented (rarely used)

2. Be sure to check the syntax visudo-c after the modification.

3. Make sure that the default permission of / etc/sudoers is 440 (to prevent misuse of permissions)

4. Verify whether the modified configuration is correct in time

5. Make sure you know the root password so that ordinary users can switch through the sudo su-command.

Second, sudo configuration file / etc/sudoers [root@Centos ~] # cat / etc/sudoers# Sudoers allows particular users to run various commands as## Examples are provided at the bottom of the file for collections## of related commands, which can then be delegated out to particular## users or groups.## This file must be edited with the 'visudo' command.## Host Aliases## Groups of machines. You may prefer to use hostnames (perhaps using## wildcards for entire domains) or IP addresses instead.# Host_Alias MAILSERVERS = smtp, smtp2## User Aliases## These aren't often necessary, as you can use regular groups## (ie, from files, LDAP, NIS, etc) in this file-just use% groupname## rather than USERALIAS# User_Alias ADMINS = jsmith, mikem

When modifying, copy the format of the system as far as possible to make relevant changes to prevent configuration errors and difficult to correct.

After you have successfully modified the authorization of a user, switch to the user and use sudo-l to see which permissions you have.

[yuw001@Centos] $sudo-l [sudo] password for yuw001:User yuw001 may run the following commands on this host: (root) / bin/ping, / bin/hostname, / usr/bin/free, / sbin/route,/bin/netstat

Remember to add sudo when using the command

[yuw001@Centos ~] $hostname linuxhostname: you must be root to change the hostname [yuw001@Centos ~] $/ bin/hostname linuxhostname: you must be root to change the hostname [yuw001@Centos ~] $sudo hostname linux [root@linux ~] # found that the hostname was modified successfully after logging in again

One line of the configuration file is a rule, which is annotated with # and continued with'\'(newline).

III. Classification of rules in configuration files

1. Alias type

Alias types are divided into the following categories

A, Host_Alias (host alias)

Generally speaking, host aliases are not set in production environment, and host aliases are not commonly used.

The first ALL of root ALL= (ALL) ALL is the location where the host alias is applied

B, User_Alias (user alias)

If it means a user group, then add% in front of it.

Root ALL= (ALL) ALL root is the application location of the user alias User_Alias ADMINS = jsmith, mikem

C, Runas_Alias alias

This alias is the specified "user identity", that is, the user to which sudo is allowed to switch

The second (ALL) of root ALL= (ALL) ALL is the application location of the user alias Runas_Alias OP = root

D, Cmnd_Alias (command alias)

Is to define an alias that can contain the contents of a bunch of commands (a collection of related commands)

The third ALL of root ALL= (ALL) ALL is the application location of the user alias Cmnd_Alias DRIVERS = / sbin/modprobe

Description

The user in the user alias must be real in the system, pay attention to the space when writing, the user alias has a special meaning, and the user alias must be capitalized.

Members under the command must use an absolute path, which can be wrapped with'\'

2. Authorization rules

Authorization rules are rules that are executed, and all ALL in authorization must be capitalized

# # Allow root to run any commands anywhereroot ALL= (ALL) ALLyumw ALL= (ALL) / usr/sbin/useradd,/usr/sbin/userdel###user group sa allow to run commands anywhereyuw ALL=/usr/sbin*,/sbin*sa ALL=/usr/sbin*,/sbin*,! / sbin/fdisk

! To prohibit the execution of this order

[sa@linux] $sudo-lUser sa may run the following commands on this host: (root) / usr/bin*, (root) / sbin*, (root)! / sbin/fdisk [sa@linux ~] $sudo fdiskSorry, user sa is not allowed to execute'/ sbin/fdisk' as root on linux.

If you modify the configuration

# user group sa allow to run commands anywhereyuw ALL=/usr/sbin*,/sbin*sa ALL=! / sbin/fdisk,/usr/sbin*,/sbin* [sa@linux ~] $sudo-lUser sa may run the following commands on this host: (root) / usr/bin*, (root) / sbin* (root)! / sbin/fdisk [root@linux ~] # su-sa [sa@linux ~] $sudo fdisk [sudo] password for sa:Usage:fdisk [options] disk change partition tablefdisk [options]-l disk list partition table (s) fdisk-s partition give partition size (s) in blocksOptions:-b size sector size (512, 1024 2048 or 4096)-c switch off DOS-compatible mode-h print help-u size give sizes in sectors instead of cylinders-v print version-C number specify the number of cylinders-H number specify the number of heads-S number specify the number of sectors per track

Therefore, the test results show that the matching rules executed by the sa ALL=! / sbin/fdisk,/usr/sbin*,/sbin* command are from back to front, so the subsequent execution of sudo fdisk will not indicate the phenomenon of insufficient permissions.

After reading this, the article "how to use sudo commands under linux" has been introduced. If you want to master the knowledge points of this article, you still need to practice and use it yourself. If you want to know more about related articles, welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.