Sudo configuration file/etc/sudoers format

Source: Internet
Author: User

Describes the format of the sudo configuration file/etc/sudoers.
# User privilege specification
Root ALL = (ALL) ALL
# Allow members of group sudo to execute any command after they have
# Provided their password
# (Note that later entries override this, so you might need to move
# It further down)
% Sudo ALL = (ALL) ALL
#
# Includedir/etc/sudoers. d
# Members of the admin group may gain root privileges
% Admin ALL = (ALL) ALL
The above is the default/etc/sudoers file of my Ubuntu10.04. "#" Starts with comments that can be ignored.
First, you need to convert it to the root user and use the mongodo command to open the/etc/sudoers file.
Description: root ALL = (ALL) ALL
Root indicates the authorized user, which is the root user;
The first ALL indicates ALL computers;
The second ALL indicates ALL users;
The third ALL indicates ALL commands;
Authorize the root user to run all files on all computers as all users.
% Admin ALL = (ALL) ALL is the same as above, except that the Group admin is authorized.
Common Format
The common format of/etc/sudoers is:
User host run_as command
User: one or more users. in/etc/group, you can use a % to replace it. The group Object Name must start with a percent sign (%.
Host: one or more host names;
Run_as: Specifies the user to run. Common options are root and ALL.
Command: one or several root-level commands that you want users or groups to run.
For example:
Hans ALL = (root) useradd, userdel
Authorize the hans user to run the useradd and userdel commands as root on all computers.
% Smith ALL = (ALL) NOPASSWD: useradd, userdel
Authorize all members of the smith group to run the useradd and userdel commands as all users on all computers. Do not enter a password when running the command.
Note that the complete command path must be used when you define commands that can be run for users. This is completely out of security considerations. If the command we give is just a simple userad, rather than/usr/sbin/useradd, the user may create his own script, it is also called userad and placed in its local path, so that he can execute any command he wants through the local script named useradd as root. This is quite dangerous!


Author: xieyancheng

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.