"Guide" This article describes how to use the sudo command to assign administrative privileges to Ubuntu.
One of the distinctive features of Ubuntu is that you can't log in to the system as root when you first use it. This is going to start with the installation of the system. For other Linux systems, the root password is typically set during the installation process so that the user can log in to the root account or use the SU command to switch to Superuser status. In contrast, the Ubuntu default installation does not set a password for the root user, nor does it enable the root account. The question is what to do if you want to run the command as root user. Never mind, we can use the sudo command for this purpose.
Sudo is a commonly used tool in Linux to allow ordinary users to use Superuser privileges, which provides administrators with a fine-grained access control method through which people can access the system as both Superuser and other types of users. The advantage of this is that administrators can grant them certain types of superuser privileges without telling the user the root password, which is what many system administrators are dreaming of.
Default configuration for 1.sudo
By default, Ubuntu provides a basic configuration for sudo, which is saved in the sudoers file in the/etc directory. When modifying this profile, be sure to use the Visudo tool for editing, because the tool automatically checks the configuration syntax and, if it finds an error, warns you when you save the exit, and prompts you which configuration is wrong, ensuring that the configuration file is correct. Conversely, if you use other text editing programs, the system can have serious consequences if you make an error. The following is the Ubuntu default/etc/sudoers file content: # User privilege Specificationroot all= (All) all# members of the "admin group may gain Roo T privileges%admin all= (All)
Below is a brief description of the above configuration:
The first configuration is to allow the root user to use the sudo command to become any other type of user in the system. The second configuration stipulates that all members of the administrative group can execute all commands as root. Therefore, in the default installation of the Ubuntu system, if you want to execute as the root of the command, as long as the following command to follow the sudo. Here's an example to illustrate that if you want to perform apt-get update, you should type the following on the command line: $ sudo apt-get update
2. Detailed configuration file syntax
Next, we use an example to explain the configuration syntax of the/etc/sudoers file in detail, see the following example: Jorge All= (Root)/usr/bin/find,/bin/rm
The first column above stipulates its applicable object: User or group, in this case, it is user Jorge. In addition, because groups and users in the system can have duplicate names, the name of the group object must begin with a percent sign to specify that the applicable object of the rule is a group rather than a user.
The second column specifies the applicable host for this rule. This column is especially useful when we deploy the sudo environment between multiple systems, where all represents all hosts. However, this column is replaced with the appropriate host name for the desktop system or if you do not want to deploy sudo to multiple systems.
The value in the third column is enclosed in parentheses, indicating in what capacity the user in the first column is able to execute the command. In this case, the value is set to root, which means that the user Jorge be able to run the commands listed later as the root user. This value can also be set as a wildcard character all,jorge can be used as any user in the system to execute the listed commands.
The last column (i.e./usr/bin/find,/bin/rm) is a comma-separated command table that can be run by the user specified in the first column as indicated in the third column. In this case, the configuration allows Jorge to run the/usr/bin/find and/BIN/RM commands as Superuser. It is important to note that the commands listed here must use absolute paths.
How to use the 3.sudo command
The question now is, how do users Jorge use the permissions assigned to them? In fact, it's easy to use the sudo command in command-line mode plus the program he wants to run, such as jorge@ubuntu:~$ sudo find. ! -name ' *.avi '-exec rm-f \{\} \;
If Jorge attempts to execute a program other than the/etc/sudoers file, such as Find or RM, the sudo command ends in failure with a warning message stating that he has no right to run the commands as Superuser.
To run a command as a non-root user, you must use the-u option to specify the user you want to act on, otherwise sudo will default to root, for example, if you want to execute the LS command as Fred, you should: $ sudo-u Fred Ls/home/fred
As you can see, we could use these rules to create specific roles for the system. For example, to have a group responsible for account management, you do not want these users to have full root access, on the other hand, they have the right to add and remove users, then we can create a group named accounts on the system, and then add those users to the group. Then use Visudo to add the following for/etc/sudoers:%accounts all= (Root)/usr/sbin/useradd,/usr/sbin/userdel,/usr/sbin/usermod
Well now, any member of the Accounts group can run the Useradd, Userdel, and Usermod commands. If, after a while, you find that the role requires additional tools, just add it to the tail of the table. This is very convenient!
It is important to note that when we define a command that can be run for the user, the full command path must be used. This is done entirely for security reasons, and if the command we give is simply userad rather than/usr/sbin/useradd, then it is possible for the user to create a script of his own, also known as Userad, and place it in its local path, In this way he can execute any command he wants by using this local script called Useradd as root. It's pretty dangerous!
Another handy feature of the sudo command is its ability to indicate which commands are not required to enter a password at execution time. This is useful, especially if you are running certain commands as Superuser in a non-interactive script. For example, to allow a user to execute a KILL command without having to enter a password as a superuser, so that users can instantly kill a runaway process. To do this, precede the command line with the NOPASSWD: property. For example, you can add the following line to the/etc/sudoers file to give Jorge access to this power: Jorge All= (Root) nopasswd:/bin/kill,/usr/bin/killall
In this way, Jorge can run the following command, as root user to kill the runaway RM process. jorge@ubuntu:~$ sudo killall rm
6. How to enable the root account
Through the above introduction, we found that sudo is really good, but if you have been accustomed to working under the root, want to recall the past feeling should do? Very simply, just set a root password for root: $ sudo passwd root
OK, now you can just log in as root.