Concepts and usage of linuxsudo commands

1sudo introduction sudo is a common tool in linux that allows common users to use superuser permissions. it allows the system administrator to let common users execute some or all of the root commands, such as h

1. Introduction to sudo

Sudo is a common tool in linux that allows common users to use superuser permissions. it allows system administrators to execute some or all of the root commands, such as halt, reboot, and su. This not only reduces the login and management time of the root user, but also improves the security. Sudo is not a substitute for shell. it is intended for every command. It has the following features:

Sudo can restrict users from running certain commands only on a host.

Sudo provides a wide range of logs that detail what each user has done. It can upload logs to the central host or log server.

Sudo uses the timestamp file-logs to execute a similar "ticket checking" system. When the user calls sudo and enters its password, the user receives a 5-minute ticket (this value can be changed during compilation ).

The sudo configuration file is a sudoers file, which allows the system administrator to centrally manage user permissions and hosts used. It is stored in/etc/sudoers by default, and the attribute must be 0411.

2. the configuration example is explained in detail below:
 
[Root @ ocm1 ~] # Rpm-qa | grep sudo -- check whether SUDO has been installed. generally, it is installed.

Sudo-1.6.9p17-5.el5

[Root @ ocm1 ~] # Mongodo --- root using mongodo will open the/etc/sudoers file by default,

Root ALL = (ALL) ALL --- the system only has this row by default

Oracle ALL = (ALL) ALL ---- add this line to ORACLE users,

3. possible problems in configuration:

1. the sudo cannot be executed and logs are recorded due to incorrect host name configuration.

Error message: Sorry, user test is not allowed to execute '/bin/cat/etc/sudoers' as root on

Localhost. localdomain.

Solution: change the localhost to the real host name or IP address.

Test localhost =/sbin/cat/etc/sudoers

Defaults @ localhost log_host/var/log/sudo. log

2. sudo cannot be executed due to a command error in the command alias list

Error message: [jackyu @ localhost jackyu] $ sudo cat/etc/sudoers
Sorry, user jackyu is not allowed to execute '/bin/cat/etc/sudoers' as root on
Localhost. localdomain.

Solution: The command is incorrectly written when defined in Cmnd alias (Cmnd_Alias CAT =/bin/cat-n/etc/sudoers ).

Run: sudo cat-n/etc/sudoers