Linux: using sudo su - to switch to root
Symptom:
Last login: Tue Mar 23 15:55:57 2010 from 10.130.38.5
/home/channel/> sudo su -
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these two things:
#1) Respect the privacy of others.
#2) Think before you type.
Password:
Sorry, try again.
Password:
channel is not in the sudoers file. This incident will be reported.
Solution:
Switch to root:
/home/channel/> su -
Password:
[root@usboss ~]# cd /etc/
[root@usboss etc]# ls -l sud*
-r--r----- 1 root 580 2005-07-21 sudoers
[root@usboss etc]# chmod u+w sudoers
[root@usboss etc]# ls -l sud*
-rw-r----- 1 root 580 2005-07-21 sudoers
[root@usboss etc]# vi sudoers
Edit sudoers:
Under the line root ALL=(ALL) ALL
add the line xxx ALL=(ALL) ALL (where xxx is the user's login name)
Save and exit.
[root@usboss etc]# chmod u-w sudoers
[root@usboss etc]# ls -l sud*
-r--r----- 1 root 602 3 ?. 30 :23 sudoers
Final result:
channel is not in the sudoers file. This incident will be reported.
/home/channel/> sudo su -
Password:
[root@usboss ~]#
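A read-only audit of the state the edit above leaves behind, added here as an example and not part of the original post: it checks that sudoers is back at mode 0440 and lists every rule that, like the xxx line, grants ALL commands. The function names and the sample file content (including the foobar and %ops rules) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. The sudoers content below is constructed for illustration.
sample_sudoers() {
cat <<'EOF'
# constructed sample, not taken from a real host
Defaults    env_reset
root    ALL=(ALL) ALL
xxx     ALL=(ALL) ALL
foobar  localhost=/sbin/halt, /bin/mount
%ops    ALL=(ALL) NOPASSWD: ALL
EOF
}

# Succeeds only if the file mode is exactly 0440 (-r--r-----), the mode the
# listing shows before the edit and again after "chmod u-w".
sudoers_mode_ok() {
    [ -n "$(find "$1" -prune -perm 0440 2>/dev/null)" ]
}

# Print "<user-or-%group><TAB><PASSWD|NOPASSWD>" for every rule whose command
# list contains a bare ALL. Simplified: one rule per line, no backslash
# continuations, and "#include" / "#uid" lines are treated as comments.
broad_grants() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ || /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }
    {
        eq = index($0, "=")
        if (!eq) next
        spec = substr($0, eq + 1)
        sub(/^[ \t]*\([^)]*\)[ \t]*/, "", spec)             # drop "(runas)"
        nopass = (spec ~ /NOPASSWD:/)
        gsub(/(NO)?(PASSWD|EXEC|SETENV):[ \t]*/, "", spec)  # drop tags
        gsub(/[ \t]/, "", spec)
        n = split(spec, cmds, ",")
        for (i = 1; i <= n; i++)
            if (cmds[i] == "ALL") {
                printf "%s\t%s\n", $1, (nopass ? "NOPASSWD" : "PASSWD")
                break
            }
    }' "$1"
}

# Demo run against the constructed sample.
tmp=$(mktemp)
sample_sudoers > "$tmp"
chmod 0440 "$tmp"
sudoers_mode_ok "$tmp" && echo "mode 0440: ok"
broad_grants "$tmp"
rm -f "$tmp"
```

On a real host, point both functions at /etc/sudoers as root; every name printed by broad_grants is an account whose password is equivalent to the root password.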
---------------------
Original address: http://www.gz-benet.com.cn/bbs/Show.Asp?Id=4268

"sudo" is a very useful tool on Unix/Linux platforms. It allows the system administrator to grant ordinary users carefully chosen "rights", so that they can carry out tasks that otherwise only the superuser or another authorized user could perform, such as running commands like mount, halt and su, or editing system configuration files like /etc/mtab and /etc/samba/smb.conf. This not only reduces the number of root logins and the time spent on administration, but also improves system security.

I. sudo features

Because of the role it plays, sudo has to be especially careful about security; otherwise it would let unauthorized users gain root privileges. At the same time it has to remain easy to use, so that the system administrator can use it effectively and conveniently. The designers of sudo aim to give users as few permissions as possible while still allowing them to complete their work. sudo therefore has the following features:

#1. sudo can restrict which commands a specified user may run on a specified host.
#2. sudo can log faithfully what each user has done through sudo, and can send the logs to a central host or log server.
#3. sudo provides a configuration file that lets the system administrator manage user permissions and hosts centrally. Its default location is /etc/sudoers.
#4. sudo uses timestamp files to implement a kind of "ticket check" system. When a user runs sudo and enters the password, the user receives an "admission ticket" that by default is valid for 5 minutes (the default can be changed at compile time). After it expires, the user must enter the password again.

II. The sudo command

The sudo program is a binary file with the SUID bit set. We can check its permissions:

$ ls -l /usr/bin/sudo
---s--x--x 2 root root 106832 02-12 17:41 /usr/bin/sudo

Its owner is root, so every user can execute the program as root. A program with SUID set gives the user the owner's EUID at run time, which is why SUID programs must be written carefully. However, setting the SUID bit on a command file is not the same as running it with sudo; the two play different roles.

The sudo configuration is recorded in the /etc/sudoers file, which is described in detail below. The configuration file specifies which users can execute which commands. To use sudo, a user must supply a specific user name and password. Note: what sudo asks for is not the password of the target user, but the password of the user running sudo. If a user who is not in sudoers runs a command through sudo, sudo reports the event to the administrator. A user can run sudo -v to check whether they are in sudoers: if so, it also refreshes the time on the "admission ticket"; if not, it says so, but does not notify the administrator.
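
The report sudo makes when a user outside sudoers tries it is written to the system log; the following added example (not from the original article) extracts such denials from syslog-style lines. The log lines, the user alice and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Log lines are constructed, modelled on sudo's syslog records.
sample_log() {
cat <<'EOF'
Mar 23 15:41:07 usboss sudo:    alice : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/sbin/halt
Mar 23 15:56:10 usboss sudo:  channel : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/channel ; USER=root ; COMMAND=/bin/su -
Mar 23 16:02:41 usboss sudo:  channel : TTY=pts/0 ; PWD=/home/channel ; USER=root ; COMMAND=/bin/su -
Mar 23 16:05:00 usboss sshd[2211]: Accepted password for channel from 10.130.38.5 port 4022 ssh2
EOF
}

# Read syslog lines on stdin; print "<kind><TAB><user><TAB><command>" for each
# sudo denial. Successful sudo runs and other daemons are ignored.
sudo_denials() {
    awk '
    $5 ~ /^sudo(\[[0-9]+\])?:$/ {
        # Match on the syslog tag field, then cut at the first " ; " so text
        # inside COMMAND= cannot masquerade as the user or the reason.
        rest = substr($0, index($0, $5) + length($5))
        sub(/^ +/, "", rest)
        q = index(rest, " ; ")
        head = (q ? substr(rest, 1, q - 1) : rest)
        c = index(head, " : ")
        if (!c) next
        user = substr(head, 1, c - 1)
        reason = substr(head, c + 3)
        if (reason == "user NOT in sudoers") kind = "NOT_IN_SUDOERS"
        else if (reason == "user NOT authorized on host") kind = "NOT_ON_HOST"
        else if (reason == "command not allowed") kind = "CMD_NOT_ALLOWED"
        else if (reason ~ /^[0-9]+ incorrect password attempts?$/) kind = "BAD_PASSWORD"
        else next
        p = index(rest, " ; COMMAND=")
        printf "%s\t%s\t%s\n", kind, user, (p ? substr(rest, p + 11) : "")
    }'
}

# Users who tried sudo without being listed in sudoers, one per line.
not_in_sudoers_users() {
    sudo_denials | awk -F "\t" '$1 == "NOT_IN_SUDOERS" { print $2 }' | sort -u
}

# Demo run against the constructed sample.
sample_log | sudo_denials
```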
The sudo command format is as follows:

sudo -K | -L | -V | -h | -k | -l | -v
sudo [-HPSb] [-a auth_type] [-c class|-] [-p prompt] [-u username|#uid] {-e file [...] | -i | -s | command}

Next, let's look at some of the other common sudo options:

Option and description:
sudo -h: Help. Lists usage and exits.
sudo -V: Version. Displays the version information and exits.
sudo -l: List. Lists the commands the current user may run. Only users in sudoers can use this option.
sudo -u username|#uid: User. Runs the command as the specified user. The user that follows is one other than root, and can be given as a username or as #uid.
sudo -k: Kill. Clears the time on the "admission ticket", so the password must be entered the next time sudo is used.
sudo -K: Sure kill. Similar to -k, but it also tears up the "admission ticket", that is, deletes the timestamp file.
sudo -b command: Background. Runs the specified command in the background.
sudo -p prompt command: Prompt. Changes the message that asks for the password; %u is replaced by the user's account name and %h by the host name. A very user-friendly design.
sudo -e file: Edit. Equivalent to sudoedit: instead of running a command, it edits a file.

There are also some less common options, which can be found in the sudo(8) manual page.

III. Configuring sudo

sudo is configured by editing the /etc/sudoers file, which only the superuser can modify, and the file must be edited with visudo. There are two reasons for using visudo: first, it prevents two users from modifying the file at the same time; second, it performs limited syntax checks. So even if you are the only superuser, you had better use visudo to check the syntax.

By default, visudo opens the configuration file in vi and uses vi to modify it. This default can be changed at compile time. visudo will not save a configuration file that contains syntax errors on its own authority; it reports the problem and asks how to handle it, like this:

>>> sudoers file: syntax error, line 22 <<<

In this case there are three options: enter "e" to re-edit, enter "x" to exit without saving, or enter "Q" to quit and save. If Q is chosen, sudo will not run again until the error is corrected.

Now let's look at this mysterious configuration file and learn how to write it. We start with a simple example: letting the user foobar run, through sudo, every command that root can run. Open the configuration file with visudo as root. You will see lines like the following:

......