Sudo in Ubuntu

A distinctive feature is that you cannot log on to the system as root for the first time. Why? This should begin with the installation of the system. For other Linux systems, the root password is usually set during the installation process, so that the user can use it to log on to the root account or use the su command to convert to the Super User identity. In contrast, UBUNTU does not set a password for the root user or enable the root account when it is installed by default. The problem is, what should I do if I want to run the command as a root user? It doesn't matter. We can use the sudo command for this purpose.
Sudo is a common tool in Linux that allows common users to use superuser permissions. This command provides the Administrator with a fine-grained access control method, through it, people can access the system both as Super Users and as other types of users. The advantage of doing so is that administrators can grant some specific types of Super User Permissions without telling the user the root password, which is what many system administrators dream.

1. Default sudo Configuration

By default, UBUNTU provides a basic configuration for sudo, Which is saved in the sudoers file under the/etc directory. When modifying the configuration file, you must use the mongodo tool to edit the file, because the tool automatically performs a strict check on the configuration syntax. If an error is found, a warning is given when saving and exiting the file, the system prompts you which configurations are incorrect to ensure the correctness of the configuration file. On the contrary, if other text editing programs are used, once an error occurs, it will cause serious consequences to the system. The following shows the default/etc/sudoers file content in Ubuntu:
# User Privilege Specification
Root all = (all) All
# Members of the Admin group may gain root privileges
% Admin all = (all) All
The following is a brief description of the above Configuration:
The purpose of the first configuration is to allow the root user to use The sudo command to become any other type of user in the system. The second configuration requires that all Members in the Management Group can execute all commands as root. Therefore, in the default Ubuntu system, to execute commands as root, you only need to keep up with the commands to be executed after sudo. The following example shows that if you want to execute apt-Get
For update, enter the following content in the command line:

$ Sudo apt-Get update

2. Configuration File Syntax explanation
Next, we will use an instance to explain in detail the configuration syntax of the/etc/sudoers file. See the following example:
Jorge all = (Root)/usr/bin/find,/bin/RM
The first column above specifies that it applies to users or groups. In this example, It is user Jorge. In addition, because the group and user in the system can be renamed, to specify that the rule applies to a group rather than a user, the Group Object Name must start with a percent sign (%.
The second column specifies the applicable host of the rule. This column is particularly useful when we deploy the sudo environment among multiple systems. Here All represents all hosts. However, if you do not want to deploy sudo on a desktop or multiple systems, replace this column with the corresponding host name.
The value in the third column is enclosed in brackets, indicating the identity of the user specified in the first column to execute the command. In this example, the value is set to root, which means that the user Jorge can run the commands listed below as the root user. This value can also be set to the wildcard "all". Jorge can be used as any user in the system to execute the listed command.
The last column (/usr/bin/find,
/Bin/RM) is a command table separated by commas. These commands can be run by users specified in the first column as indicated in the third column. In this example, the configuration allows Jorge to run as a Super User.
/Usr/bin/find and/bin/RM commands. It must be noted that the commands listed here must use absolute paths.
3. How to Use the sudo command
Now the question is, how can a user Jorge use the permissions assigned to him? In fact, it is very easy to use the sudo command in command line mode.
Add the program he wants to run, for example:
Jorge @ Ubuntu :~ $ Sudo find .! -Name '*. avi'-exec Rm-f // {//} //; if Jorge attempts to execute a program not specified in the/etc/sudoers file (such as find
Or
Rm), The sudo command will end with a failure and give a warning that he has no permission to run these commands as a Super User.
To run commands as a non-root user, you must use the-u option to specify the user to be used. Otherwise, sudo will be the root user by default, for example, if you want to execute the LS command as Fred, you should:
$ Sudo-u Fred ls/home/Fred as you can see, we can use these rules to create specific roles for the system. For example, if you want a group to be responsible for account management, on the one hand, you do not want these users to have full root access permissions, on the other hand, you have to grant them the right to add and delete users, then we can create a group named accounts on the system and add those users to the group. Then, add the following content to/etc/sudoers using the export do statement:
% Accounts all = (Root)/usr/sbin/useradd,/usr/sbin/userdel,
/Usr/sbin/usermod: Now, all members in the Accounts Group can run the useradd, userdel, and usermod commands. If you find that the role requires other tools after a while, you just need to add them at the end of the table. This is really convenient!
Note that the complete command path must be used when you define commands that can be run for users. This is entirely out of security considerations. If the command we give is just a simple userad
/Usr/sbin/useradd, then the user may create his own script, also known as userad, and put it in its local path, so that he can
The local script of useradd is used as the root to execute any command he wants. This is quite dangerous!
Another convenient feature of the sudo command is that it can indicate which commands do not require a password for execution. This is useful, especially when running some commands as a Super User in non-interactive scripts. For example, you want to run the kill command without entering a password as a Super User so that the user can immediately kill a process that is out of control. Therefore, add nopasswd: Before the command line. For example, you can add a line up and down in the/etc/sudoers file to give Jorge the following power:
Jorge all = (Root) nopasswd:/bin/kill,/usr/bin/killall. Then, Jorge can run the following command to kill the out-of-control RM process as the root user.
Jorge @ Ubuntu :~ $ Sudo killall RM
6. How to enable the root account
Through the above introduction, we found that sudo is indeed very useful, but if you have been used to working in root for a long time, what should you do to review the past? Simply set a root password for the root user:
$ Sudo passwd root is ready. Now you can log on directly as root.

From: http://hi.baidu.com/alin9630/blog/item/716b75d3045955d2a8ec9a51.html