Detailed instructions for using sudo command in Linux system

Introduced

sudo is a Linux system Management Directive, a tool that allows a system administrator to allow ordinary users to perform some or all of the root commands, such as HALT,REBOOT,SU, and so on. This not only reduces the time to log in and manage the root user, but also improves security. sudo is not a substitute for the shell, it is oriented to each command.

sudo command

Sudo-k-l-v-h-k-l-vsudo [-HPSB] [-a auth_type] [-C class-] [-P prompt] [-u username#uid] {e-file [...]-i-s Comman D

Now let's take a look at some of the other common parameters of sudo:

Option meaning effect
Sudo-h help lists usage methods and exits.
Sudo-v version Displays the release information and exits.
The Sudo-l list lists the commands that the current user can execute. This option is available only to users in Sudoers.
The Sudo-u username#uid user executes the command as the specified user. The following user is a user name, or #uid, other than root.

Sudo-k Kill clears the time on the "entry" and then enter the password again the next time you use sudo.

The sudo-k sure Kill is similar to K, but it also tears up the "entry volume", which is to delete the timestamp file.

Sudo-b command Background executes the specified commands in the background.

Sudo-p prompt command Prompt can change the prompt that asks for a password, where%u is substituted for the user account name, and%h displays the host name. Very humanized design.

Instead of executing the command, sudo-e file edit modifies the files, which is equivalent to the command sudoedit.

In the Linux console, we often get a return message when we run some instructions with a regular user, like looking for Apache profiles httpd.conf

[Sun@localhost www]$ Find/-name httpd.conf
Find: '/boot/lost+found ': Permission denied

It means: No permissions, because some directories are not accessible to ordinary users, such as the listed/boot/lost+found directory

At this point we are going to use the SU directive to switch to Superuser, but one of the drawbacks of using SU is that you have to know the superuser password first. If you are a superuser, the problem is small, if the other user is operating, but you do not want to tell others your Super Administrator password, this time need to use the sudo command.

sudo allows the average user to get permission without having to know the root user's password. First, the superuser will be the name of the ordinary user, the specific commands that can be executed, according to which user or group of users in the identity of the implementation of information, registration in a special file (usually/etc/sudoers), that is, to complete the user's authorization (this time the user is called "sudoer") , when a general user needs special permission to add "sudo" to the command, Sudo will ask the user his or her own password (to confirm that the user is in front of the terminal), and the system will run the process of the command as Superuser's right after the answer. After a period of time (the default is 5 minutes, which can be customized in/etc/sudoers), sudo does not require a password to be entered again.

Configuration

Detects if sudo is installed and is typically installed by default

[Sun@localhost www]$ rpm-q sudo
Sudo-1.8.6p3-12.el6.x86_64

Edit sudo configuration file/etc/sudoers is generally not directly use VI (vi/etc/sudoers) to edit, because the sudoers configuration has a certain syntax, directly with the VI edit Save system will not check the grammar, If the error is also saved may result in the inability to use the sudo tool, preferably using the Visudo command to configure. Although Visudo is also called VI to edit, but save the grammar check, error will be prompted.

Execute with Root:

[Root@localhost www]$ Visudo

Found it

Allow ROOT to run any commands anywhere means that root allows any command to run, as is rightfully the case.

First field: Root, a user who can use the sudo command;
Second field: The first all refers to the use of sudo host, the second bracket of all to use sudo in what identity (the identity of the intended user) to execute instructions;
The third word: all refers to the command that is allowed to execute by sudo;

Together means that the root user can use the sudo command to execute all the instructions on all the hosts in all the user's capacity.

Now we're going to add sudo for a regular user sun

Code meaning: Sun users can use the sudo command, in all hosts can be as root, to execute/usr/bin/find,/usr/bin/cd,/bin/cat instructions. It should be noted here that the instructions listed here must use an absolute path.

Switch to the Sun user after saving and we'll do it again.

[Sun@localhost www]$ sudo find/-name httpd.conf
[sudo] password for Sun:
/etc/httpd/conf/httpd.conf

Once the Sun users enter their own password, they can hit the httpd.conf position.