Application of the Linux sudo command

The literal meaning of Sodo should be switch user excute a command as another user, with the permission of another user to execute commands. As in TV dramas, the emperor sent his confidant to investigate the corrupt officials, but the minister did not have the right of the emperor, at some point to use the rights of oppressing, you can take out the Emperor Royal Imperial Sword to represent the emperor to exercise these rights.

the difference between sudo and Su
Some people are very confused so already have Su, if you want to execute the command without permission, you can switch the user to complete the operation, why do you have to issue such a command again. The reason is that when using Su, you must enter the corresponding user's password, if you want to use the root user has permission to operate commands, then the root user is faced with the risk of password leakage, in view of the system security, so the development of easier to use and secure sudo.

sudo configuration file path
/etc/sudoers

sudo configuration file Special editor
The edit sudo has a proprietary command visudo that allows only a single user to edit, and can be checked for syntax.

The basic format of the sudo configuration file

who  where=(run_as_who) run_commands
总结下来就是：
谁在哪台主机以谁的身份运行什么命令

the alias mechanism for sudo configuration
There are three aliases for sudo, namely:
User aliases, address aliases, Runas aliases, command aliases.
User_alias test_user =jack,rose//semicolon-separated between users
Host_alias test_host= All//addresses can be used with sudo
Runas_alias Test_runas//usage and user aliases
Cmnd_alias Test_cmnd/usr/sbin/useradd,/usr/bin/passwd//command to write feel path

By default, the first time you use the sudo command requires a password, but the second time you do not have to enter it. sudo password can be cached for 5 minutes, five minutes to use is not required to lose the password, five minutes later asked to enter the password again. Then when we have something to go out, you can use the Sudo-k command to invalidate their password, then when used again, you need to re-lose password.

If you don't want to enter a password each time you use it, you can add the NOPASSWD option:

    118## Here is sudo config
    119
    120## User_Alias
    121 User_Alias USER_ALLOW=liangzi
    122 Host_Alias HOST_ALLOW=192.168.75.188
    123 Cmnd_Alias COMMAND_ALLOW=/usr/sbin/useradd
    124
    125 USER_ALLOW HOST_ALLOW=(root) NOPASSWD:COMMAND_ALLOW

Sudo's command execution log information is placed in the cat /var/log/secure file and can be viewed periodically to avoid malicious commands.

Application of the Linux sudo command