1. First edit the configuration file/etc/sudoers, or directly edit the file by running the export do command,
2. the syntax for configuring the/etc/sudoers configuration line is as follows:
User MACHINE = COMMANDS
User: Authorized user
MACHINE: Authorized host address
COMMANDS: Authorization command
/Etc/sudoers can also be replaced by an alias,
The first column "User_Alias, Host_Alias, Cmnd_Alias" is the keyword,
The second column "OPERATORS, MAILSERVERS, SOFTWARE" is the custom alias
Column 3: specific content of the alias.
Example: alias;
User_Alias OPERATORS = jerry, tom, tsengyia
Host_Alias MAILSERVERS = smtp, pop
Cmnd_Alias SOFWARE =/bin/rpm,/usr/bin/yum
For example, to authorize the mikey, you can use sudo to call all commands in the/sbin and/usr/bin directories, but do not call the/sbin/ifconfig command to modify the eth0 Nic parameter, do not call the/usr/bin/vim command to prevent system files from being modified)
# Mongodo
Mikey localhost =/sbin/*,/usr/bin /*! /Sbin/ifconfig eth0 ,! /Usr/bin/vim
Log sudo log
Sudo can get married to the system log and write the commands executed by the user through sudo to the log for the Administrator to view and enable the log function, you only need to add the "Defaults logfile" configuration parameter in the "/etc/sudoers" file, and in the System Log service configuration file "/etc/syslog. add the "local2.debug/var/log/sudo" record in conf.
The procedure is as follows:
# Mongodo
Defaults logfile = "/var/log/sudo"
# Vi/etc/syslog. conf
Local2.debug/var/log/sudo
# Service syslog restart
Use the sudo command, that is, use man sudo
Recommended reading:
Use and enable the root account with Ubuntu sudo and su commands
Sudo: sorry, you must have a tty to run sudo
Configure sudo permissions in Linux
Temporary root permission for sudo Configuration
How to solve the problem that users cannot execute sudo in Linux
The Linux system administrator must not know the command: sudo