Root Privilege Pass: Sudo

Source: Internet
Author: User

sudo (substitute user [or superuser] do) is a program for UNIX-like systems such as BSD, Mac OS X, and GNU/Linux that lets a user run programs with special privileges (usually those of the superuser) in a safe way. Before sudo appeared around 1980, ordinary users managed the system by using su to switch to the superuser. One drawback of su is that the superuser's password must first be disclosed to the user.

sudo lets an ordinary user obtain privileges without knowing the superuser's password. First, the user's name, the specific commands that may be executed, the user or group identity under which they are executed, and so on are registered in a special file (usually /etc/sudoers), which completes the authorization of that user (who is then called a "sudoer"). When the user needs special privileges, they put "sudo" in front of the command; sudo asks for the user's own password (to confirm that the person at the terminal is the user himself), and once it is answered the system runs the command's process with the granted privileges. For a period afterwards (5 minutes by default, configurable in /etc/sudoers), sudo does not ask for the password again. Because the superuser's password is not needed, some UNIX systems, such as Ubuntu and Mac OS X, even use sudo to let an ordinary user take the superuser's place for administration.

The rules that sudo enforces are defined in /etc/sudoers, which only administrators can edit and which has a dedicated editing tool, visudo. For their detailed usage, see the man pages.

Let's look at an application first:


Once a rule is defined in /etc/sudoers, run the permitted administrative commands by putting sudo in front of them.

sudo:

Parameters

-b executes the command in the background.

-h displays help.

-H sets the HOME environment variable to the home directory of the new identity.

-k expires the cached password, so the password must be entered the next time sudo is run.

-l lists the commands the current user may and may not run.

-p changes the prompt used to ask for the password.

-s runs the specified shell.

-u <user> uses the specified user as the new identity. Without this parameter, the new identity defaults to root.

-v extends the password validity for another 5 minutes.

-V displays version information.

-S reads the password from standard input instead of the terminal.

When defining rules, you can use the alias mechanism, which provides user aliases, host aliases, run-as (target identity) aliases, and command aliases.


Aliases can be nested. A command alias can contain a directory, which stands for all commands under that directory, and it can contain "sudoedit" (which means you can edit sudoers files).


On CentOS, if you allow the passwd command, the user can by default also change root's password, which is too dangerous, so use ! to exclude root.


Typing the password over and over is annoying, right? Use the NOPASSWD keyword to mark commands that need no password, and PASSWD to mark commands that do require one.
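The alias, "!" exclusion and NOPASSWD/PASSWD points above, put together as an added example (not taken from the original article or its screenshots): a shell script that writes a constructed sudoers drop-in to a scratch file and syntax-checks it with visudo before it would be installed. The users (alice, bob, carol), hosts (web1, web2) and alias names are hypothetical.

```sh
#!/bin/sh
# Added example: constructed policy, every user/host/alias name is hypothetical.

write_policy() {
    # $1 = scratch file that receives the sudoers fragment
    cat > "$1" <<'EOF'
# User aliases can nest: USERADMINS contains the HELPDESK alias
User_Alias   HELPDESK   = alice, bob
User_Alias   USERADMINS = HELPDESK, carol
Host_Alias   WEBHOSTS   = web1, web2
Runas_Alias  OPS        = root
Cmnd_Alias   USERCMDS   = /usr/sbin/useradd, /usr/sbin/usermod, /usr/sbin/userdel
# passwd must be given a user name starting with a letter (so no bare
# "passwd" and no options), and "!" removes root from what is allowed
Cmnd_Alias   PASSWDCMD  = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd *root*

# who  where = (run as)  tag: commands
USERADMINS WEBHOSTS = (OPS) NOPASSWD: USERCMDS, PASSWD: PASSWDCMD
EOF
}

check_policy() {
    # Returns visudo's exit status: 0 when the file parses, non-zero on error.
    # If visudo is not installed the check is skipped and 0 is returned.
    if command -v visudo >/dev/null 2>&1; then
        visudo -c -f "$1" >/dev/null
    else
        echo "visudo not found; syntax check skipped" >&2
        return 0
    fi
}

# Usage: check the scratch copy first, install it only if it parses.
#   f=$(mktemp); write_policy "$f" && check_policy "$f" && echo "syntax OK"
```

A plain `/usr/bin/passwd` entry with no argument pattern would match any arguments, including `root`, which is why the allowed form is restricted before root is excluded.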


Every sudo operation is recorded in the security log.
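To review those records, the following added example (not from the original article) extracts who ran what as whom from sudo's syslog lines and separates rejected attempts. The sample lines are constructed in the format sudo writes to /var/log/secure on CentOS; the host and user names are hypothetical.

```sh
#!/bin/sh
# Added example: constructed log lines, hypothetical users and host.
sample_log() {
    cat <<'EOF'
Aug 24 10:15:01 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/useradd dave
Aug 24 10:16:12 web1 sudo:      bob : command not allowed ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/passwd root
Aug 24 10:17:40 web1 sudo:  mallory : user NOT in sudoers ; TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/bin/bash
Aug 24 10:18:05 web1 sshd[2211]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
Aug 24 10:18:30 web1 sudo: pam_unix(sudo:session): session opened for user root by alice(uid=0)
Aug 24 10:19:30 web1 sudo:    alice : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/passwd bob
EOF
}

# Reads syslog lines on stdin, prints one record per sudo event:
#   STATUS|user|run-as|reason|command
sudo_events() {
    awk '
    $5 ~ /^sudo(\[[0-9]+\])?:$/ {
        line = $0
        # drop the date, time, host and program tag (first five fields)
        sub(/^[^ ]+ +[^ ]+ +[^ ]+ +[^ ]+ +[^ ]+ +/, "", line)
        sep = index(line, " : ")
        if (sep == 0) next                 # PAM session lines and the like
        user = substr(line, 1, sep - 1)
        rest = substr(line, sep + 3)
        status = (rest ~ /^TTY=/) ? "ALLOWED" : "REJECTED"
        reason = "-"
        if (status == "REJECTED") { reason = rest; sub(/ ; .*/, "", reason) }
        runas = "-"
        if (match(rest, / ; USER=[^ ]+/)) runas = substr(rest, RSTART + 8, RLENGTH - 8)
        c = index(rest, " ; COMMAND=")
        cmd = c ? substr(rest, c + 11) : "-"   # keep arguments, even with " ; "
        printf "%s|%s|%s|%s|%s\n", status, user, runas, reason, cmd
    }'
}

# Only the attempts sudo refused: the lines worth alerting on.
sudo_rejected() {
    sudo_events | awk -F"|" '$1 == "REJECTED"'
}

# Usage on a live system (needs read access to the log):
#   sudo_rejected < /var/log/secure
```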

This article is from the "Linuxlove" blog, make sure to keep this source http://linuxlover.blog.51cto.com/2470728/1687857
