1. sudo Introduction
sudo is a common Linux tool that lets ordinary users run commands with superuser privileges. The system administrator can allow ordinary users to run some or all root commands, such as halt, reboot, su, and so on. This not only reduces how often root has to log in and the time spent on administration, but also improves security. sudo is not a substitute for the shell; it works on a per-command basis. Its main features are:
sudo can restrict a user to running certain commands on a single host.
sudo provides a rich log that records in detail what each user has done. It can send logs to a central host or log server.
sudo uses a timestamp file, a kind of log, to implement a ticket-like "check-in" system. When the user invokes sudo and enters their password, the user obtains a ticket with a 5-minute lifetime (this value can be changed at compile time).
The sudo configuration file is the sudoers file, which lets the system administrator centrally manage user permissions and the hosts they apply to. Its default location is /etc/sudoers, and its permissions must be 0411.
2. A configuration example, explained in detail:
Check whether sudo is installed (it usually is):
[root@OCM1 ~]# rpm -qa | grep sudo
sudo-1.6.9p17-5.el5
As root, run visudo, which opens the /etc/sudoers file by default:
[root@OCM1 ~]# visudo
root    ALL=(ALL) ALL    # the system default contains only this rule
oracle  ALL=(ALL) ALL    # add this line for the oracle user
3. Problems that may be encountered in the configuration:
1. A host name configuration error prevents sudo from executing commands and writing log records.
Error message: Sorry, user test is not allowed to execute '/bin/cat /etc/sudoers' as root on localhost.localdomain.
Resolution: Change localhost in the following lines to the real host name or IP:
test localhost=/sbin/cat /etc/sudoers
Defaults@localhost log_host, logfile=/var/log/sudo.log
2. The command typed does not match the command list defined in the command alias, so sudo cannot execute it.
Error message:
[jackyu@localhost jackyu]$ sudo cat /etc/sudoers
Sorry, user jackyu is not allowed to execute '/bin/cat /etc/sudoers' as root on localhost.localdomain.
Resolution: The command was typed differently from how it is defined in the Cmnd_Alias (Cmnd_Alias CAT = /bin/cat -n /etc/sudoers).
Execution: sudo cat -n /etc/sudoers
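The argument matching behind problem 2, as an added example (not from the original article, and not sudo's own code): a simplified Python model of how a sudoers command entry is compared with what the user runs. The function names are hypothetical; wildcards in the command path, backslash escapes and escaped commas are not modelled.

```python
import fnmatch
import shlex


def parse_cmnd_alias(line):
    """Parse 'Cmnd_Alias NAME = cmd [args], cmd [args]' into (name, specs)."""
    head, _, body = line.partition("=")
    keyword, name = head.split()
    if keyword != "Cmnd_Alias":
        raise ValueError("not a Cmnd_Alias line: %r" % line)
    return name, [s.strip() for s in body.split(",") if s.strip()]


def spec_allows(spec, argv):
    """True if one sudoers command spec permits argv (argv[0] = full path)."""
    parts = spec.split(None, 1)
    if argv[0] != parts[0]:
        return False                      # a different binary, e.g. /sbin/cat
    if len(parts) == 1:
        return True                       # no args in sudoers: any args allowed
    spec_args = parts[1].strip()
    user_args = " ".join(argv[1:])
    if spec_args == '""':
        return user_args == ""            # "" in sudoers: no args allowed
    # Args listed in sudoers: the user's args must match them, compared as
    # one space-joined string; * and ? behave as shell-style wildcards.
    return fnmatch.fnmatchcase(user_args, spec_args)


def alias_allows(alias_line, command_line, resolved_path):
    """Check a typed command against every entry of a Cmnd_Alias line."""
    _, specs = parse_cmnd_alias(alias_line)
    argv = shlex.split(command_line)
    argv[0] = resolved_path               # sudo compares the resolved full path
    return any(spec_allows(s, argv) for s in specs)


if __name__ == "__main__":
    alias = "Cmnd_Alias CAT = /bin/cat -n /etc/sudoers"   # from the article
    for typed in ("cat /etc/sudoers", "cat -n /etc/sudoers"):
        verdict = "allowed" if alias_allows(alias, typed, "/bin/cat") else "denied"
        print("sudo %-22s -> %s" % (typed, verdict))
```

On a real system, `sudo -l` lists the exact command lines, arguments included, that the current user is permitted to run.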