Sudo command scenario analysis

Sudo command scenario analysis

Using the sudo command in Linux allows common users to execute some or all of the root commands. This article analyzes the sudo operation scenarios that we commonly use, and uses some examples to learn about the sudo command-related skills.

Scenario 1: The user has no permission to execute the root command.
After a common user logs on to the shell, if the user does not have the permission to access a file or execute a command, if the user is granted root authorization, the user can add sudo before the command to be executed, temporarily switch to the root user permission to complete related operations. Before sudo was written around 1980, the general mode of user management system is to use su to switch to a Super User. However, one of the disadvantages of using su is that you must first inform the super user of the password, and sudo allows general users to obtain permissions without having to know the super user's password.

Linux Tutorial: how to define the PATH environment variable for the sudo command

Use and enable the root account with Ubuntu sudo and su commands

Sudo: sorry, you must have a tty to run sudo

Configure sudo permissions in Linux

Temporary root permission for sudo Configuration

How to solve the problem that users cannot execute sudo in Linux

The Linux system administrator must not know the command: sudo

Sudo permission allocation

Which users can temporarily obtain the root permission? This requires configuration in the/etc/sudoers file:

Authorize a single user:

# User privilege specification
Guohl ALL = (ALL) ALL
In the above example:

Guohl: User Name that allows sudo
ALL: allows the use of sudo from any terminal (any machine)
(ALL): allows any user to execute the sudo command.
ALL: Allow sudo permission to execute any command
If we want the user test to run the/bin/chown and/bin/chmod commands under the root account on the current host (the host name is guohl-pc), we should configure it as follows:

# User privilege specification
Test guohl-pc = (root)/bin/chown,/bin/chmod
If the sudo command is run after the test is logged on, all the commands that do not meet the preceding three conditions fail.

Authorize to user group:

# Allow members of group sudo to execute any command
# (Note that later entries override this, so you might need to move it further down)
% Sudo ALL = (ALL) ALL
It is similar to authorizing a single user, except that the user name is changed to % group name here. All users in this group are authorized according to this rule. In this example, ALL users in the sudo group are on any terminal (the first ALL), any user (the second ALL), and execute any command (the third ALL) view the/etc/group file to know which users belong to the sudo group.

Example:

If the current account is granted the sudo permission in the/etc/sudoers file, you can use any root command as a parameter of the sudo command and use the root permission to execute the command. For example, mounting a file system can only be executed by the root user, but a common user can also use sudo to mount the file system:

$ Sudo mount/dev/sda7/mnt
[Sudo] password for guohailin:
The first use requires you to enter the current user's password. If the system is correct, the mount command is executed with the root permission. The next time (the default value is 5 minutes) if you use the sudo command again, you do not need to enter the password.

Scenario 2: if you forget to use sudo after editing vim
We often encounter an environment where vim is used to edit a file. After editing, Press ESC and return to normal mode, and then press: wq to save and exit, we found that we did not have the permission to modify the file. We forgot to add sudo before using the vim command. I often see this problem. The previous practice was to add sudo and re-edit it without saving and leaving.

But in the future, we will no longer need to use such stupid practices. In the normal mode of vim, we can press: w! Sudo tee %. In this way, the root permission can be used to save the file. You don't have to be upset because you forgot to add sudo for a while!

Scenario 3: Execute the root command and forget to add sudo
We will also encounter such a better situation: after entering a long command and pressing Enter, there is no permission to operate, because we forgot to add sudo. Most people return to the previous command by pressing "done", add sudo before the command, and then execute the command.

In the future, we don't need this anymore. Just enter sudo !! That's it !! Indicates the previous command. For example:

$ Head-n 4/etc/sudoers
Head: cannot open '/etc/sudoers' for reading: Permission denied

$ Sudo !!
Sudo head-n 4/etc/sudoers
#/Etc/sudoers
#
# This file MUST be edited with the 'mongodo 'command as root.
#

For more details, please continue to read the highlights on the next page:

1 2 Next Page