Use of Linux sudo

From: http://blog.chinaunix.net/u/30648/showart_261928.html

Sudo is a tool that allows the system administrator to allow common users to execute some or all of the root commands, such as halt, reboot, and Su. This not only reduces the login and management time of the root user, but also improves the security. Sudo is not a substitute for shell. It is intended for every command.

I. Features

A sudo can restrict users from running certain commands only on a host.

B sudo provides a wide range of logs that detail what each user has done. It can upload logs to the central host or log server.

C sudo uses a timestamp file to execute a similar "ticket checking" system. When the user calls sudo and enters its password, the user receives a 5-minute ticket (this value can be changed during compilation ).

D. The sudo configuration file is a sudoers file, which allows the system administrator to centrally manage user permissions and hosts used. It is stored in/etc/sudoers by default, and the attribute must be 411.

Ii. Software Packages

Sudo-1.6.6-1Thiz.i586.rpm on the first disc of thizlinux 7.0

If your system is not installed, use rpm-IVH for installation.

3. How to edit

Google Adsense account application

Run the mongodo command:

The following is an extremely simple example:

Add the following lines:

Defaults syslog = auth

Defaults logfile =/var/log/sudo. Log

Cmnd_alias shutdown =/sbin/halt,/sbin/Shutdown

Root all = all

Esnow all = all

Xu1_all = All ,! Shutdown

In this example, esnow can execute all the root commands.

And shutdown cannot be executed, other commands that can be executed by the root user can be executed.

This archive has an exclusive editor called visudo to edit the/etc/sudoer archive.

After editing the file, esnow can use the sudo command to convert it

Superuser is used to do things that only superuser can do.

There is a record file in/var/log/sudo. log, which records who is using

Sudo has these commands. By the way, we can use the following command to capture those conversions.

It becomes a superuser, but it is not successful ......

You can also define user aliases and host aliases in/etc/sudoers, for example:

Host_alias Server = No1

User_alias admins = ABC, BCD

Admins all = (all) nopasswd: All

In this way, admins can perform all operations without a password.

Sudo parameters include:

Sudo-l allows users to view which commands they can execute in sudo.

Sudo-V displays the sudo version number.

Sudo-H displays the parameters that can be entered when sudo is executed.

Sudo-B will execute the command in the background

Sudo-P prompt can change the prompt for asking for the password, where % u will replace with the user account name, % H will display the Host Name

Sudo-v |-H |-L |-v |-k |-S | [-H] [-S] [-B] | [- P prompt] [-C Class |-] [-u

Username/# uid] command

4. How to Use

Log On As an esnow user and execute

Sudo/sbin/shutdown-K 40 "AA"

Prompt password: Enter the esnow user password and execute the command.

Run the command as an xujh User Login

[Xujh @ WWW xujh] $ sudo/sbin/shutdown-K 40 "AA"

Password:

Xujh is not in the sudoers file. This incident will be reported.

After the password is entered, the system prompts no authorization.

5. View logs

VI/var/log/sudo. Log

Feb 18 20:17:39: esnow: tty = pts/0; Pwd =/home/esnow; user = root;

Command =/sbin/shutdown-K 40 AA

Feb 18 20:20:00: xuers: user not in sudoers; tty = pts/1; Pwd =/home/xuers;

User = root; command =/sbin/shutdown-K 40 AA