sudo introduction
sudo is a Linux system administration command: a tool that lets the system administrator allow ordinary users to run some or all root commands, such as halt, reboot, su and so on. This not only reduces the login and administration time of the root user, but also improves security. sudo is not a substitute for the shell; it works on a per-command basis.
Basic operations
    [root@host /]# useradd daniel    # create a user
    [root@host /]# passwd daniel     # set the password
    [root@host /]# su daniel         # switch to user daniel
    bash-4.1$                        # switched successfully

Granting permissions

The sudo command executes an instruction as the system administrator; that is, instructions executed via sudo appear to be executed by root himself.

Who may use it: the users listed in /etc/sudoers. You can edit sudoers directly or use visudo. visudo is recommended, because it checks whether your syntax is correct.

    [root@host /]# visudo
    ## Allow root to run any commands anywhere
    root    ALL=(ALL)    ALL
    daniel  ALL=(ALL)    ALL    # this is the line we added

The new line means that the user daniel can use all commands. To allow only a single command (such as useradd), change the last ALL to /usr/sbin/useradd.

Test:

    -bash-4.1$ ls /root/
    ls: cannot open directory /root/: Permission denied
    -bash-4.1$ sudo ls /root/
    [sudo] password for daniel:      # after sudo, enter daniel's password
    anaconda-ks.cfg  install.log  install.log.syslog

Now let's look at what the three ALLs mean. The first ALL refers to the host in the network; it can be changed to localhost=, which indicates that the user can execute the subsequent commands on this host. The ALL in parentheses refers to the target user, that is, the identity the command is executed as. The last ALL refers to the command name.

For example, to let the user daniel execute the kill command on the host linux as jimmy or rene, write this in the configuration file:

    daniel  linux=(jimmy,rene)  /bin/kill

But there is a problem: does daniel run the command as jimmy or as rene? This is what sudo -u is for. daniel can use sudo -u jimmy kill PID or sudo -u rene kill PID. Typing -u every time is tedious, and it is not necessary: rene or jimmy can be set as the default target user. Add another line above the rule:

    Defaults:daniel runas_default=rene

If Defaults is followed by a colon, the setting is the default for the user named after the colon; if not, it is the default for all users, just like this line in the configuration file:

    Defaults env_reset
Alias
Alias types

1) Host_Alias defines a host alias

    Host_Alias WEBSERVERS = web1, web2    # WEBSERVERS is the host group; web1 and web2 are hosts

Hosts are separated by a comma followed by a space, and the = sign has a space on both sides. The host group is the alias, and you can use it to restrict a rule to those hosts; it goes in the position of the first ALL. You can define many such aliases, and each one can be used as a host group. Host aliases are rarely used in production: in general there is no need to define one, and you can use ALL to match all hosts when you define an authorization rule.

2) User_Alias defines a user alias

Alias members can be users or user groups (put % in front of a user group).

    User_Alias ADMINS = daniel, qwer, %groupname

If the users daniel and qwer and the user group %groupname have the same permissions, you can use the alias ADMINS for all of them. If you later want to add a user or group with the same permissions, append it to the alias.

Reference location:

    daniel  ALL=(ALL)  ALL    # the position of daniel is where a user alias is referenced

3) Runas_Alias defines a Runas alias

This alias specifies the "user identity", that is, the user that sudo allows switching to. A Runas_Alias defines which identities a system user may switch to with sudo: the members listed under the Runas_Alias.

Syntax:

    Runas_Alias OP = root

Reference location: the ALL in parentheses. It indicates that commands run through sudo use the OP identity (that is, root).

4) Cmnd_Alias defines a command alias

A command alias is a name that stands for a set of commands.

    Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /usr/bin/net, /sbin/iptables

Reference location: the last ALL. Once defined, the alias can be placed in the position of the last ALL, and after authorization the user or group can use sudo to run these commands.

Full definition

    # User_Alias by daniel
    User_Alias ADMINS = admin, daniel, %admins
    User_Alias NETADMINS = netadmin, %netadmins
    User_Alias USERADMINS = useradmin
    # Cmnd_Alias by daniel
    Cmnd_Alias USERCMD = /usr/sbin/useradd, /usr/sbin/userdel, /usr/bin/passwd [A-Za-z]*, /bin/chown, /bin/chmod
    Cmnd_Alias DISKCMD = /sbin/fdisk, /sbin/parted
    Cmnd_Alias NETCMD = /sbin/ifconfig, /etc/init.d/network
    Cmnd_Alias CTRLCMD = /usr/sbin/reboot, /usr/sbin/halt
    Runas_Alias OP = root, daniel
    #
    ADMINS      ALL=(ALL)  USERCMD, NETCMD, CTRLCMD
    NETADMINS   ALL=(OP)   NOPASSWD: NETCMD
    USERADMINS  ALL=(OP)   NOPASSWD: USERCMD

NOPASSWD means that no password has to be entered when running the command. By default, once the password has been entered, it does not need to be entered again for five minutes.
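An added example (not from the original article): a small Python reader for the sudoers subset used on this page. It expands the aliases from the full definition into concrete users, run-as identities and commands, then lists the NOPASSWD rules that reach chown, chmod or passwd so they can be reviewed. The sample text is constructed from the page's definition; the function names and the RISKY list are assumptions made for this illustration, and this is not a complete sudoers parser.

```python
import re

# Constructed sample: the alias and rule lines from the full definition above.
SUDOERS = """\
User_Alias ADMINS = admin, daniel, %admins
User_Alias NETADMINS = netadmin, %netadmins
User_Alias USERADMINS = useradmin
Cmnd_Alias USERCMD = /usr/sbin/useradd, /usr/sbin/userdel, /usr/bin/passwd [A-Za-z]*, /bin/chown, /bin/chmod
Cmnd_Alias NETCMD = /sbin/ifconfig, /etc/init.d/network
Cmnd_Alias CTRLCMD = /usr/sbin/reboot, /usr/sbin/halt
Runas_Alias OP = root, daniel
ADMINS ALL=(ALL) USERCMD, NETCMD, CTRLCMD
NETADMINS ALL=(OP) NOPASSWD: NETCMD
USERADMINS ALL=(OP) NOPASSWD: USERCMD
"""
ALIAS = re.compile(r"^(?:User|Runas|Host|Cmnd)_Alias\s+([A-Z][A-Z0-9_]*)\s*=\s*(.+)$")
SPEC = re.compile(r"^(\S+)\s+(\S+?)\s*=\s*(?:\(([^)]*)\))?\s*(NOPASSWD:)?\s*(.+)$")
RISKY = ("/bin/chown", "/bin/chmod", "/usr/bin/passwd")  # assumed review list, not exhaustive

def items(text):
    return [x.strip() for x in text.split(",") if x.strip()]

def parse(text):
    """Return one dict per user rule, with every alias expanded to its members."""
    aliases, rules = {}, []
    def expand(names):  # simplification: one namespace for all four alias types
        return [m for n in names for m in aliases.get(n, [n])]
    for raw in text.splitlines():
        line = raw.split("#")[0].strip()  # simplification: '#' always starts a comment
        if (m := ALIAS.match(line)):
            aliases[m.group(1)] = items(m.group(2))
        elif not line.startswith("Defaults") and (m := SPEC.match(line)):
            who, host, runas, tag, cmds = m.groups()
            rules.append(dict(who=expand([who]), host=host, nopasswd=tag is not None,
                              runas=expand(items(runas or "root")), cmds=expand(items(cmds))))
    return rules

def findings(rules):
    """List NOPASSWD rules that reach ALL or a command named in RISKY."""
    out = []
    for r in rules:
        risky = [c for c in r["cmds"] if c == "ALL" or c.split()[0] in RISKY]
        if r["nopasswd"] and risky:
            out.append((r["who"], r["runas"], risky))
    return out

if __name__ == "__main__":
    for who, runas, cmds in findings(parse(SUDOERS)):
        print(who, "as", runas, "without password:", cmds)
```

On a real host, `sudo -l -U <user>` shows the effective rules as sudo itself resolves them, and `visudo -c` checks the syntax.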
Linux--sudo Permissions Explained