Linux sudo command -- sudoers file configuration, sudosudoers
The Linux sudo command and its configuration file/etc/sudoers will also know about the sudo command. The core idea of The sudo command is to grant permissions, that is, the user of a command is not yourself, but you have the permission to execute it. However, although you have the permission to execute this command, it is still executed by the user of this command. [Note 1]. (The su command is similar to the sudo command, but the difference between the two is that su is a coarse-grained permission assignment, and the best understanding of su is change user running command permanent. That is to say, the su user is switched permanently to the previous user, and then the new user from the su will do everything it can do, sudo refers to the user that temporarily switches to the command owner when executing a command to execute [NOTE 1], and sudo can grant permissions to other users in the unit of a single command, it is more flexible than su .) I know about sudo. Do you know how to configure sudo? The following is a brief description: the configuration file for configuring sudo is in/etc/sudoers. Generally, you can use the mongodo command to safely open and edit the file. Run the following command to view the usage of/etc/sudoers: man 5 sudoers. The/etc/sudoers file contains the following two parts: 1. alias settings include User_Alias, Host_Alias, Runas_Alias, and Cmnd_Alias, which are user alias, host alias, run user alias, and command alias. The command for setting these aliases is mainly used for configuration convenience. This is similar to the role in a linux User Group or database. With aliases, you can grant permissions in batches. Setting Method Alias_Type alias_name = name1, name2, name3, for example, User_Alias User1 = user1, user2, user3. The method for setting other types of alias is similar.
2. The real sudo entry is to configure which users can use the commands (you can even disable alias settings ). Format: User Name (User alias) Host Name (host alias) = [(run user or Runas_Alias) Optional] [tag optional] executable commands (or cmd_alias ). The description syntax is hard to understand. For example, user1 host1 =/bin/kill # user1 can use the command/bin/killuser1 host1 = NOPASSWD on host1: /bin/kill # user1 can use the command/bin/kill on host1 without having to enter the password (NOPASSWD is used here, And PASSWD is used by default) user1 host1 = NOPASSWD: /bin/kill, PASSWORD:/bin/ls # user1 can use the command/bin/kill on host1 without entering the PASSWORD, however, to use/bin/ls, you need to enter the password user1 host1 = (opterator) /bin/kill # user1 can use the command/bin/kill on host1, but this command must be run by the operator user, which is equivalent to su-u opertor/bin/k. Illuser1 host1 = (: group_name)/bin/kill # user1 can use the command/bin/kill on host1 and must be run by the user in the group_name user group. % Group_name host1 =/bin/kill # All users in group_name can execute/bin/kill on host1 (in linux, % group_name is generally used for the entire user group) for another practical example, I didn't understand the sudo su command. Why can I directly connect su to the root user without a password? Check the sudoers file to know that there is such a line in it: xxx ALL = NOPASSWD:/bin/su note: in linux, each process has a UID, GID, valid UID, real UID, valid GID, and real GID respectively. Valid UID. GID is used to determine permissions, while real UID and GID are used to keep records (which process belongs to which user or logs are recorded ). After sudo entry is configured, the valid UID contains the configured user UID. Therefore, you can pass the permission verification.
Linux end users cannot execute commands. How can I configure sudo?
The configuration file for sudo configuration is in/etc/sudoers. Generally, you can open and edit the configuration file safely by running the cmddo command. Run the following command to view the usage of/etc/sudoers: man 5 sudoers. The/etc/sudoers file contains the following two parts:
1. Alias settings
Aliases mainly include User_Alias, Host_Alias, Runas_Alias, and Cmnd_Alias, which are user alias, host alias, run user alias, and command alias. The command for setting these aliases is mainly used for configuration convenience. This is similar to the role in a linux User Group or database. With aliases, you can grant permissions in batches.
Setting Method Alias_Type alias_name = name1, name2, name3, for example, User_Alias User1 = user1, user2, user3. The method for setting other types of alias is similar.
2. Real sudo entry
This is to configure which users can use which commands (you can even disable alias settings ).
Format: User Name (User alias) Host Name (host alias) = [(run user or Runas_Alias) Optional] [tag optional] executable commands (or cmd_alias) the syntax is hard to understand. For example
User1 host1 =/bin/kill # user1 can use the/bin/kill command on host1
User1 host1 = NOPASSWD:/bin/kill # user1 can use the/bin/kill command on host1 without entering the password (NOPASSWD is used here)
# This tag, PASSWD by default)
User1 host1 = NOPASSWD:/bin/kill, PASSWORD:/bin/ls # user1 can use the/bin/kill command on host1 without entering a PASSWORD, however, you need to enter the password when using/bin/ls.
User1 host1 = (opterator)/bin/kill # user1 can use the/bin/kill command on host1, but it must be run by the operator user, which is equivalent
# Su-u opertor/bin/kill
User1 host1 = (: group_name ...... remaining full text>
What does linux Command sudo su mean?
It should be uncomfortable, right? Haha ..................
How can I use this command?
This is a command for the current user to obtain the permissions of the Super administrator. If the current user has this permission, the next step is to enter the password of the current user. For example:
$ Sudo su
Password for XXXX :******
#
$ Is the identifier of a common user and # Is the identifier of a super administrator user (roor ).