Sudo literally means that the Super user do! is one of the most important commands necessary for Linux system administrators or advanced users.
Have you ever had this experience: trying to run a command in a terminal and encountering "Access Denied"? What to do? By the way, this is what you need.
The command!
First, ok! So here's a simple example of how to use configuration and use sudo to manage our specific services.
1. Enter the command
chmod u+w/etc/sudoers
2. Edit the/etc/sudoers file, enter the command vim/etc/sudoers, and go to edit mode to find this line:
Root all= (All) all
Add "username all= (All) all" (username is the name of the account you need to use sudo)
3. Save Exit wq!
4. Revoke write access to a file
chmod u-w/etc/sudoers
5. Switch to the account you just configured
such as: Su-lvsadmin
6. Use sudo for power handling
sudo service keepalived restart
Second, through the above configuration, we can see the above configuration is not elegant, security is hidden, next we look at how to fine-grained sudo
Degree of management.
For example, we want to limit username's rights and not let him do whatever he pleases. For example, we just wanted him to use the LS and ifconfig commands like root, and I
We can change the contents of Sudoers to the following:
Username Localhost=/sbin/ifconfig,/bin/ls
Password-free execution of sudo:
Username Localhost=nopasswd:/bin/cat,/bin/ls
Third, take a look at the meaning of the parameters of sudoers configuration
The first all refers to the host in the network, which can be changed to a specific hostname, which indicates that the user to be added can execute subsequent commands on this host. Second
All refers to the target user, who is to execute the command, and the last all refers to the specific command.
Four. Logs and security
Sudo is very thoughtful about security, not only logging, but also reporting to the system administrator if necessary. However, the log function of sudo is not self-
Must be opened by the Administrator, with the following steps:
1. Create a day file
#touch/var/log/sudo
2. Configure the log Output path
#vi/etc/syslog.conf Add the following:
Local2.debug/var/log/sudo
3. Restart Syslog Process Effective configuration
Ps-aux|grep syslogd
Kill–hup PID
If the command is too long and does not conform to the user's habits after using sudo, then we can assign an alias to it
Alias goconfig= ' cd/usr/x11/lib/x11 '
To de-alias:
Unalias Goconfig
How to configure and use sudo commands under Linux
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
