The literal meaning of sudo is to switch user and execute a command as another user, with the permissions of that other user. It is like the TV dramas in which the emperor sends a confidant to investigate corrupt officials: the minister does not hold the emperor's authority himself, but when he needs to exercise it he can take out the imperial sword and act on the emperor's behalf.
The difference between sudo and su
Some people are confused by this: since su already exists, and you can switch to another user to complete an operation you lack permission for, why is another command needed? The reason is that su requires you to enter the target user's password. If users need to run commands that require root's permissions, the root password has to be handed out and is then at risk of leaking. For the sake of system security, sudo was developed as an easier-to-use and more secure alternative.
sudo configuration file path
/etc/sudoers
Dedicated editor for the sudo configuration file
The sudo configuration file has a dedicated editing command, visudo, which allows only one user to edit the file at a time and checks the syntax.
The basic format of the sudo configuration file
who where=(run_as_who) run_commands
In summary:
who, on which host, as which user, may run which commands
The alias mechanism for sudo configuration
sudo supports the following kinds of aliases:
user aliases, host (address) aliases, Runas aliases and command aliases.
User_Alias TEST_USER = jack, rose    # users are separated by commas
Host_Alias TEST_HOST = ALL    # sudo can be used from all addresses
Runas_Alias TEST_RUNAS = root    # same usage as user aliases (root is an assumed example value)
Cmnd_Alias TEST_CMND = /usr/sbin/useradd, /usr/bin/passwd    # commands must be written with their full path
By default, sudo asks for a password the first time you use it, but not the second time. The sudo password is cached for 5 minutes: within those five minutes you do not need to enter it again, and after five minutes you are asked for it again. If you need to step away, you can run sudo -k to invalidate the cached password, so that the next use of sudo requires the password to be entered again.
If you don't want to enter a password each time you use it, you can add the NOPASSWD option:
## Here is sudo config

## User_Alias
User_Alias USER_ALLOW=liangzi
Host_Alias HOST_ALLOW=192.168.75.188
Cmnd_Alias COMMAND_ALLOW=/usr/sbin/useradd

# liangzi may run useradd as root on 192.168.75.188 without entering a password
USER_ALLOW HOST_ALLOW=(root) NOPASSWD:COMMAND_ALLOW
sudo's command execution log is written to the /var/log/secure file (view it with cat /var/log/secure). It can be reviewed periodically to catch malicious commands.
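One way to make that periodic review repeatable, as an added example that is not part of the original article: a small Python parser for sudo records in /var/log/secure. The sample log lines are constructed, and the expected-command set (only useradd, mirroring the COMMAND_ALLOW rule above) is an assumption.

```python
import re

# Constructed sample lines in the format sudo writes to /var/log/secure.
SAMPLE_LOG = """\
Mar  3 10:15:01 web01 sudo:  liangzi : TTY=pts/0 ; PWD=/home/liangzi ; USER=root ; COMMAND=/usr/sbin/useradd bob
Mar  3 10:17:42 web01 sudo:     jack : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/jack ; USER=root ; COMMAND=/bin/bash
Mar  3 10:20:09 web01 sudo:  liangzi : command not allowed ; TTY=pts/0 ; PWD=/home/liangzi ; USER=root ; COMMAND=/usr/bin/passwd root
Mar  3 10:21:30 web01 sshd[2211]: Accepted password for rose from 192.168.75.10 port 50022 ssh2
Mar  3 10:25:11 web01 sudo:     rose : 3 incorrect password attempts ; TTY=pts/2 ; PWD=/home/rose ; USER=root ; COMMAND=/usr/sbin/useradd eve
Mar  3 10:30:00 web01 sudo:     rose : TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/bin/sh
"""

# Assumed policy, mirroring the COMMAND_ALLOW rule: only useradd is expected via sudo.
ALLOWED_COMMANDS = {"/usr/sbin/useradd"}

# user : [error ;] TTY=... ; PWD=... ; USER=... ; COMMAND=...
SUDO_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sudo(?:\[\d+\])?:\s+(?P<user>\S+) : "
    r"(?:(?P<error>[^;=]+?) ; )?TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.*?) ; "
    r"USER=(?P<runas>\S+) ; COMMAND=(?P<command>.+)$"
)

def review(log_text, allowed=ALLOWED_COMMANDS):
    """Return (user, reason, command) for every sudo event worth a look."""
    findings = []
    for line in log_text.splitlines():
        m = SUDO_LINE.match(line)
        if not m:
            continue  # not a sudo command record (e.g. sshd or PAM session lines)
        binary = m["command"].split()[0]
        if m["error"]:
            # sudo refused the request: wrong password, user or command not permitted
            findings.append((m["user"], m["error"], m["command"]))
        elif binary not in allowed:
            # sudo allowed it, but it is not a command we expect to see
            findings.append((m["user"], "command outside expected set", m["command"]))
    return findings

if __name__ == "__main__":
    for user, reason, command in review(SAMPLE_LOG):
        print(f"{user:10} {reason:32} {command}")
```

To run it against a real host, pass the contents of /var/log/secure to review() instead of SAMPLE_LOG.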
Application of the Linux sudo command