Linux sudo in detail

Source: Internet
Author: User
Tags aliases

With nothing to do tonight, I looked through my earlier notes and tidied up the ones about sudo, recorded here.

sudo lets a user execute specified commands on a host as another user without switching to that user (somewhat similar to suid). The user can execute only the commands specified for them (in general, administrative commands run as root).

The sudo configuration file is /etc/sudoers, which can be read only by the root user and the root group.


The file can be edited directly with vim, but this is not recommended: vim does not check the file for syntax errors, and a syntax error can cause system-level problems. Edit the file with the visudo command instead.

Syntax format: who, through which hosts, can execute which commands, and as whom

who which_host=(runas) command

who: you can use user aliases to put certain users into a single group for unified management

which_host: you can use host aliases to put certain hosts into a single group for unified management

runas: Runas_Alias

command: Cmnd_Alias; you can use command aliases to put certain commands into a single group for unified management


sudo's alias mechanism: alias names must be written entirely in capital letters. See man sudoers for how an alias is defined.

User aliases: can contain user names, group names (%groupname), and other user aliases that are already defined (! negates: !test means every user except test)



Host aliases: can contain host names, IP addresses, network addresses, or other host aliases that are already defined


Command aliases: commands given by absolute path, a directory (all commands in that directory), or other command aliases that are already defined


Runas aliases: user names, %groupname, and other runas aliases that are already defined



Specific sudo settings:

For example, an administrator can execute all commands as any user through any host.


Define that the user jack2 can execute the useradd and usermod commands as the root user through all hosts.


By default, after the user enters the password for the first time, sudo does not ask for it again within 5 minutes. The sudo -k command clears the password cache and invalidates the previously entered authentication information:

sudo -l lists all sudo commands that the current user can run

sudo -k invalidates the authentication information

sudo can also be configured so that the user can execute a command without entering a password: add NOPASSWD before the command


The definition above means that neither useradd nor usermod requires a password. If useradd should not require a password but usermod should, the following definition is needed


Use aliases:

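The alias definitions and rules described above, written out as a sudoers fragment. This is an added example, not the configuration from the original post; jack2, useradd and usermod come from the article, while the alias names, the group, the host names, the addresses and the command paths are assumptions.

```sudoers
# Added example. jack2, useradd and usermod come from the article; every
# alias name, group, host, address and path below is an assumption.
# Edit with visudo, or check a draft with: visudo -cf /path/to/draft

# User alias: user names, %group names, other user aliases; "!" excludes.
User_Alias  USERADMINS = jack2, %useradmins, !test

# Host alias: host names, IP addresses, network addresses, other host aliases.
Host_Alias  ADMINHOSTS = web01, 192.168.1.10, 10.0.0.0/24

# Runas alias: user names, %group names, other runas aliases.
Runas_Alias OPS = root

# Command alias: absolute paths, a directory written with a trailing "/"
# (every command in it), or other command aliases.
Cmnd_Alias  USERCMDS = /usr/sbin/useradd, /usr/sbin/usermod

# An administrator: any host, as any user, any command.
root    ALL=(ALL) ALL

# The four entries below are alternatives. Keep one: when several
# entries match, sudo applies the last one.

# jack2 may run useradd and usermod as root from all hosts (password asked).
jack2   ALL=(root) /usr/sbin/useradd, /usr/sbin/usermod

# NOPASSWD: before the first command carries over to the commands after it,
# so neither useradd nor usermod asks for a password.
jack2   ALL=(root) NOPASSWD: /usr/sbin/useradd, /usr/sbin/usermod

# useradd without a password, usermod with one: PASSWD: resets the tag.
jack2   ALL=(root) NOPASSWD: /usr/sbin/useradd, PASSWD: /usr/sbin/usermod

# The passwordless rule expressed with the aliases defined above.
USERADMINS ADMINHOSTS=(OPS) NOPASSWD: USERCMDS
```

Because useradd and usermod can create and modify any account, a rule that grants them, with or without NOPASSWD, should be reviewed as a grant of broad administrative power.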


/var/log/secure logs all sudo-related operations



This article is from the "Diannaowa" blog; please keep this source link: http://diannaowa.blog.51cto.com/3219919/1673089
