Use of the sudo command

In linux, the su command for switching user 1 -- su USERNAME is to disable a new environment variable shell after switching the user, that is, the user's shell is still in the pre-switching state, you have the permissions of the user before the switchover. 2 -- su-USERNAME: Add "-" after the su command to enable a new variable. The Root user does not need to enter a password when switching to a common user. 3 -- sudo is to execute a command as another user without switching the user. It can restrict specified users to run certain specified commands on the specified host. /Etc/sudoers is The sudo command editing document Command Format User_Alias Host_Alias = (Runas_Alias) Commd_Alias ---- Note: 1. user_Alias can be one or more users, system group (identified by %), network group (identified by +) 2. runas_Alias can be a single or multiple users, system group (marked with %), network group (marked with +), ID (marked with #) 3. host_Alias uses the host name or IP address, or a network segment 4. commd_Alias: 1 command; full path is recommended for 2 directories (which must end with a slash); 3 other aliases allows nesting; wildcard characters are allowed. Test sudo command 1 create two common users liv poppy add to group stu switch to liv test fdisk-l 2 run the export do command under the root user to edit the/etc/sudoers file and add the following command. Liv has the root user permission to use fdisk. Liv station73 = (root)/sbin/fdisk (Note: add the full path of the command when using the sudo command) 3. Add several command lines so that liv can execute more commands: 1.liv station73 = NOPASSWD:/sbin/service,/sbin/ifconfig, no Password is entered for the/bin/mount appeal command (NOTE: When a common user uses the sudo command, the system will prompt to enter the password to verify the identity. The password must be entered for the common user. The system determines which user is using the sudo command and records it to the log. If you do not want to enter the password when using a command, add NOPASSWD before the command line: PASSWD by default) 2 liv station 73 =/sbin/service/, NOPASSWD:/sbin/ifconfig, /bin/mount to run the service command. Enter the password, ifconfig, and mount. 2.liv station73 = (poppy)/sbin/service, NOPASSWD :( root) is not required) /bin/mount a user can execute some commands of multiple users. 3.% stu station = NOPASSWD: NETWORKING. users in the/bin/Stu group may not enter the NETWORKING defined in the User Password execution file and the commands in the directory/bin. Remember? 4 poppy ALL = (ALL) ALL must be added after the directory. This command is dangerous because poppy users can execute any command on any host. The test method is the same. Sudo features that: give users as few permissions as possible, but can complete their work. When editing SUDOERS files, be sure not to allow unauthorized users to intercept root permissions. This article is from 2454790"