Sudo command usage
Because root's privileges are so broad, on Linux one generally does not log in directly as the administrator or work through su - root. Instead, the sudo command is used to run administrative commands that ordinary users do not have permission for.
Features of the sudo command:
1. Authorize a specified user to run specified administrative commands on a specified host;
2. Log in detail the commands that users execute through sudo;
3. "Ticket checking system": time-limited authentication. The first time a user runs sudo, a password is required to verify the user's identity; after successful authentication, the user gets a "token" with a fixed lifetime: 5 minutes.
How is the sudo function implemented?
/etc/sudoers: the authorization file, which can only be edited by the administrator. It is generally not edited directly with vim, because syntax errors may be introduced; the dedicated editing tool, the visudo command, is generally used to edit the file instead.
/etc/sudoers:
Note on alias definitions: alias names must consist entirely of uppercase characters.
Built-in variable: ALL Users
User_Alias:
User_Alias NAME = item1, item2 ,...
Item:
username
%group_name
#UID
%#GID
User_Alias (an alias that has already been defined can be used)
Example: User_Alias ADMIN = centos, %lx, #500
Defines the ADMIN alias, containing the user centos, the group lx, and the user with UID 500.
Host_Alias: the hosts on which commands can be run
Host_Alias NAME = item1, item2, ...
Item:
Hostname
IP address
Network
Host_Alias
Example: Host_Alias ALLOWADDR = 172.16.37.10, 172.16.0.0/16
Defines the ALLOWADDR alias, containing the IP address 172.16.37.10 and the network 172.16.0.0/16.
Runas_Alias:
Runas_Alias NAME = item1, item2, ...
The usage is the same as User_Alias.
Cmnd_Alias:
Cmnd_Alias NAME = item1, item2, ...
Item:
Command
Directory (all commands in the directory)
Cmnd_Alias
Example: Cmnd_Alias COMMAND = /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/
Defines the COMMAND alias, containing useradd, userdel, and all commands in /usr/sbin.
An item can also be negated with "!": Cmnd_Alias PASSWD = /usr/bin/passwd [0-9A-Za-z]*, !/usr/bin/passwd root
Sudo authorization:
who host=(whom) command
Example: centos MYPC=(root) /usr/sbin/useradd
NOPASSWD: indicates that no password is required for commands after the tag.
PASSWD: indicates that a password is required for commands after the tag.
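The aliases and the authorization line above combined into one file, as an added example that is not part of the original article. The file path and the alias names OP, USERCMDS and PWCHANGE are assumptions chosen for illustration.

```sudoers
# /etc/sudoers.d/example  (constructed example; hypothetical path)
# Edit with: visudo -f /etc/sudoers.d/example

# who: the user centos, members of group lx, and the user with UID 500
User_Alias  ADMIN     = centos, %lx, #500

# host: one IP address and one network
Host_Alias  ALLOWADDR = 172.16.37.10, 172.16.0.0/16

# whom: the identity the commands run as (alias name OP is hypothetical)
Runas_Alias OP        = root

# Account management: list only the commands that are needed.
# A directory item such as /usr/sbin/ would grant every command in it.
Cmnd_Alias  USERCMDS  = /usr/sbin/useradd, /usr/sbin/userdel

# Password changes for any user except root.
# The last matching item wins, so the negated item must come after
# the pattern it restricts.
Cmnd_Alias  PWCHANGE  = /usr/bin/passwd [0-9A-Za-z]*, !/usr/bin/passwd root

# who   host      = (whom) tag: commands
# USERCMDS run without a password prompt; PWCHANGE always asks for one.
ADMIN   ALLOWADDR = (OP) NOPASSWD: USERCMDS, PASSWD: PWCHANGE
```

Running visudo -c -f on the file checks its syntax before it is installed.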
Sudo command:
-l: list the sudo commands that the current user can execute;
-u username COMMAND: execute the specified COMMAND as the specified user;
-k: clear the "token";
-b COMMAND: run the specified COMMAND in the background;
-e /path/to/somefile: edit the specified file;
Example: sudo -u centos useradd user1