The Linux sudo command and its configuration file/etc/sudoers will know a bit more about the sudo command about Linux. The core idea of the sudo command is the empowerment of a command that belongs to the user who is not yourself and you have permission to execute it. However, it is important to note that although you have permission to execute this command, it is still performed by the user who owns the command itself [Note 1]. (The SU command is similar to the sudo command, but the difference between the two is that Su is a coarse-grained permission given, and the best understanding of Su I think is the change user running command permanent. That is, the permanent switch to the SU past user, and then with this SU to the new user to do everything it can do, and sudo is to execute a command to temporarily switch to the user of this command to execute [Note 1], and sudo can be a single command to assign permissions to other users, More flexible than Su. Probably understand the functionality of sudo, then do you know how to configure sudo? The following is a brief explanation: Configuring sudo configuration file in/etc/sudoers, generally through the Visudo command to safely open the editor. To view the usage of/etc/sudoers, you can use the command: Man 5 sudoers. In the/etc/sudoers file mainly includes these two parts: 1. Alias setting aliases mainly include the following: User_alias,host_alias,runas_alias,cmnd_alias, which are user aliases, host aliases, run user aliases, command aliases. The commands for setting these aliases are primarily for ease of configuration, which is similar to the role of a Linux user group or a database, with aliases that can be used to grant permissions in batches. Set method Alias_type Alias_name = name1, name2, Name3, for example user_alias User1 = user1, User2, User3. Other types of alias settings are similar.
2. The real sudo entry this is to really configure which users can use which commands (you can even set that part without using aliases). The format is: User name (user alias) hostname (host alias) =[(run user or runas_alias) optional] [tag optional] command (or Cmmd_alias) that can be executed. This describes the syntax is very blunt, difficult to understand, for example: User1 host1 =/bin/kill &NB Sp # user1 can use commands on host1/bin/killuser1 host1 = nopasswd:/bin/kill &NBS P # user1 can use the command on Host1/bin/kill at the same time can not enter the password (this is the use of NOPASSWD this tag, the default is passwd) user1 host1 = NOPASSWD:/bin/kill, PASSWORD:/bin/ls # user1 can use command host1 on/bin/kill without input Password, but use/bin/ls to enter the password user1 host1 = (opterator)/bin/kill # user1 can Use command/bin/kill on host1 but must run this command with operator user, equivalent to su-u opertor/bin/killuser1 host1 = (: group_name)/bin/kill # user1 can use command/bin/kill on host1 and must be run by a user in the Group_name user group. %group_name host1 =/bin/kill &NBsp # all group_name users can perform/bin/kill on host1 (Linux generally represents the entire group of users % Group_name) A practical example, I did not understand the sudo su command before, why I can directly su to the root user, even the password is not required? Look at the sudoers file only to know that there is such a line: XXX ALL=NOPASSWD:/bin/su Note: In Linux each process is associated with the Uid,gid, Valid UID, real uid, effective GID, real GID, respectively. Valid uid,gid are used to determine permissions, while real uid,gid are used for accounting (which process belongs to which user, or log logs, and so on). When sudo entry is configured, the valid UID contains the configured user UID, which can be passed when the authorization is verified.
Configuration of the Linux sudo command--sudoers file
