How to Use sudo commands in Linux

Source: Internet
Author: User
Tags bit set
The usage of the sudo command in Linux indicates the developer's online builder.com.cn Update Time: 2007-11-27Author: zsw00001 Source: CCID technical community Keyword: usage sudo Linux

How to Use the sudo command in Linux (-@ gehd
K3 (TKs
Original address: http://www.gz-benet.com.cn/bbs/Show.Asp? Id = 4268 Q "] F3 ?. <
". ^ 9fl
I2jcr,
K ^ "J-S _'
"Sudo"
It is a very useful tool on Unix/Linux platforms. It allows system administrators to assign reasonable "rights" to common users so that they can execute some commands only for super users or other authorized users.
Completed tasks, such as running commands such as Mount, halt, and Su, or editing system configuration files such as/etc/mtab,
/Etc/samba/smb. conf. This not only reduces the login times and management time of root users, but also improves system security. (I7t' <|
| D 'A' ml * %
%) S "V'
Ot; % /}
. Jnr = 2 @
I. sudo features ikz {3 S
_ 0 <yq5 +
P0 _ {u; 47
The role played by sudo is doomed to be especially cautious in terms of security, otherwise it will lead to illegal users to gain root privileges. At the same time, it also takes into account ease of use, so that the system administrator can use it more effectively and conveniently. Sudo designers aim to give users as few permissions as possible but still allow them to complete their work. Therefore, sudo has the following features :'~ S % t} 3u'
Pg = Na! KF
Mqfn @ k x
#1. sudo can restrict specified users from running certain commands on the specified host. Ybuqy :_~
#2. sudo can provide logs to faithfully record what each user has done using sudo and upload the logs to the central host or log server. C: 6 V * l? 6
#3. sudo provides a configuration file for the system administrator, allowing the system administrator to centrally manage user permissions and hosts. The default storage location is/etc/sudoers. GQ-AV
#4. sudo uses a timestamp file to complete a system similar to "ticket check. After the user executes sudo and enters the password, the user receives a "admission ticket" with a default storage period of 5 minutes (the default value can be changed during compilation ). After the timeout, you must re-enter the password. Zk1ta0k
0bq. BTW [
F; FQ ^ TK $ y'
Ii. sudo Command [q npg pf
Es * 3 <[H
Dq0 uzo
The sudo program itself is a binary file with the SUID bit set. We can check its permissions: mgglgwz
V. E &[
> Ernzs ;-
$ LS-L/usr/bin/sudo rcu9_q qb
--- S -- X 2 root Root 106832 02-12 17:41/usr/bin/sudo <G * awxtd
: A };{@ @ XV
Q (Q @ fo & K
 
Its owner is root, so every user can execute the program as root. The program with SUID set can give the user the EUID of the owner at runtime. This is why
The SUID program must be carefully written. However, setting the SUID of a command file is different from running it with sudo. They play different roles. 2 & I * RM1 _
X 'w4m3m.
H}-@?
 
The sudo configuration is recorded in the/etc/sudoers file, which will be described in detail below. The configuration file specifies which users can execute commands. To use sudo, you must provide
A specified user name and password. Note: What sudo requires is not the password of the target user, but the password of the user executing sudo. If the user is not in sudoers, run the command through sudo.
Sudo reports the event to the Administrator. You can use Sudo-V to check whether you are running in sudoers.
. If yes, it can also update the time on your "admission ticket"; if not, it will prompt you, but will not notify the administrator. & M> 6 V?
Vry Uy, T
8 "7/; B
Sudo Command Format: I ~ ZK; + _'
'Em-5it
H9 % oo
Sudo-k |-L |-v |-H |-k |-L |-vsudo [-HPSB] [-A auth_type] [-c =} V-UW:>
Class |-] [-P prompt] [-u username | # uid] {-e file [...] |-I |-S | command} U _ <FC!
U7ia} H
P <'mnrp
Next, let's take a look at some other common sudo parameters: # HGF. K5]
+ E # l0 +: V
Lvz + # i48
Option description @ vjq1, J
Use Sudo-H help to list usage methods and exit. {'6v; RG &
Sudo-V version displays the version information and exits. Szkab9n4!
Sudo-l list lists the commands that can be executed by the current user. This option can only be used by users in sudoers. UBB I
Sudo-u username | # uid user executes commands as a specified user. The following users are not only root users, but also usernames or # UIDs. ML}/C <W
Gbugp! B
S1u # x_D-F
Sudo-K kill clears the time on the "admission ticket" and enters the password next time you use sudo. P1; hnkf = 3
? X, W5
Hkmac_d;
Sudo-K sure kill is similar to-K, but it also needs to tear up the "Admission volume", that is, delete the timestamp file. SZ & % KMT] l {
U, al8x
Y $ "= iriv #
Sudo-B command background executes the specified command in the background. 'Azt0 [/W
Sudo-P prompt command prompt can change the prompt message for asking the password, where % u is replaced by the user account name, and % H displays the host name. Very user-friendly design. 9 idby + = P
Sudo-e file edit is equivalent to sudoedit, instead of executing a command, but modifying a file. 7lg) 28o
, & 94u>'
Gjk; "'+
There are also some uncommon parameters that can be found on the sudo (8) page of the manual. Vovbc}
{} 2% F] 1
#[D3 "O]'
3. Configure sudo c} & mva0dn:
Z ":) J {9
J | B:/L
You must edit the sudo file by editing the/etc/sudoers file, and only the Super User can modify it. You must also edit the sudo file by using mongodo. The use of mongodo has two reasons: first, it can prevent TCS % Q $ t {]>
The two users modify it at the same time; the other is that it can also perform limited syntax checks. Therefore, even if you have only one super user, you 'd better check the syntax with just do. 3jfgu06d
<!.) '"J -.
Gj! /Y *
By default, do opens the configuration file in VI and uses VI to modify the file. We can modify this default item during compilation. Mongodo does not store configuration files with syntax errors without authorization. It will prompt you for problems and ask how to handle them, just like: jii8xa @ s
C ~ |. % DF
1 zrqawll
>>> Sudoers file: syntax error, line 22 <1 & P * x | ly}
* B 'h $
Yxe1c] Fi
In this case, there are three options: Enter "E" to re-edit, enter "X" to save and exit, and enter "Q" to exit and save. If Q is selected, sudo will not run until the error is corrected. , M; le0
VD] bs0v @
: A> _ A ['^ $
Now let's take a look at the mysterious configuration file and learn how to write it. Let's start with a simple example: Let the user foobar execute all the root executable commands through sudo. Use mongodo as the root user to open the configuration file. The following lines are displayed: s ^ flrv +
WR 'a "? Po
...... Xyr8} p
7 p v & 5 lcth
UPP} dH-7
'. GIP +
6: rqug
Working Principle and practical experience of clusters in Linux: W {gvhq7: L7
Q: 4kq {= u &
1 & O & W]
Switching between the Linux system interface and the command line mode is 8q8w *~ Ynx
^? Y? Agh' (
= Krg 'B
How to mount and detach a mobile hard disk in Linux <; cvvj> ZC
&)> F? _ ^
1r6}, JV
Share windows resources of Virtual Machine Linux and host machine 0 W {drjzv
Zxv {v S $
K1ui % # R
Integration of Tomcat and Apache Web servers in Linux yF ~ Wkz
View the source of this Article

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.