Linux sudo 命令使用简介
Linux sudo 命令使用简介
by:授客 QQ:1033553122
基本语法:
$ sudo [-u username] [command]
-u:将身份变成username的身份
#编辑/etc/sudoers (注意,这里使用 visudo 而不是 vi 来设置。)
# visudo
## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.
##
## Examples are provided at the bottom of the file for collections
## of related commands, which can then be delegated out to particular
## users or groups.
##
## Host Aliases
## Groups of machines. You may prefer to use hostnames (perhaps using
## wildcards for entire domains) or IP addresses instead.
# Host_Alias FILESERVERS = fs1, fs2
# Host_Alias MAILSERVERS = smtp, smtp2
## User Aliases
## These aren't often necessary, as you can use regular groups
## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
## rather than USERALIAS
# User_Alias ADMINS = jsmith, mikem
## Command Aliases
## These are groups of related commands...
## Networking
## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.
##
## Examples are provided at the bottom of the file for collections
## of related commands, which can then be delegated out to particular
## users or groups.
##
## Host Aliases
## Groups of machines. You may prefer to use hostnames (perhaps using
## wildcards for entire domains) or IP addresses instead.
# Host_Alias FILESERVERS = fs1, fs2
# Host_Alias MAILSERVERS = smtp, smtp2
## User Aliases
## These aren't often necessary, as you can use regular groups
## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
## rather than USERALIAS
# User_Alias ADMINS = jsmith, mikem
## Command Aliases
## These are groups of related commands...
## Networking
## Installation and management of software
# Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
## Services
# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig
## Updating the locate database
# Cmnd_Alias LOCATE = /usr/bin/updatedb
## Storage
## Delegating permissions
# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp
## Processes
# Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
## Drivers
# Cmnd_Alias DRIVERS = /sbin/modprobe
# Defaults specification
#
# Disable "ssh hostname sudo ", because it will show the password in clear.
# You have to run "ssh -t hostname sudo ".
#
Defaults requiretty
#
# Refuse to run if unable to disable echo on the tty. This setting should also be
# changed in order to be able to use sudo without a tty. See requiretty above.
#
Defaults !visiblepw
#
# Preserving HOME has security implications since many programs
# use it when searching for configuration files. Note that HOME
# is already set when the the env_reset option is enabled, so
# this option is only effective for configurations where either
# env_reset is disabled or HOME is present in the env_keep list.
#
Defaults always_set_home
Defaults env_reset
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
#
# Adding HOME to env_keep may enable a user to run unrestricted
# Refuse to run if unable to disable echo on the tty. This setting should also be
# changed in order to be able to use sudo without a tty. See requiretty above.
#
Defaults !visiblepw
#
# Preserving HOME has security implications since many programs
# use it when searching for configuration files. Note that HOME
# is already set when the the env_reset option is enabled, so
# this option is only effective for configurations where either
# env_reset is disabled or HOME is present in the env_keep list.
#
Defaults always_set_home
Defaults env_reset
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
#
# Adding HOME to env_keep may enable a user to run unrestricted
# commands via sudo.
#
# Defaults env_keep += "HOME"
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
## Next comes the main part: which users can run what software on
## which machines (the sudoers file can be shared between multiple
## systems).
## Syntax:
##
## user MACHINE=COMMANDS
##
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
laiyu ALL=(ALL) ALL #根据上述提示,模仿root用户添加自定义用户laiyu,使其可执行sudo命令
test ALL=(ALL) ALL
## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
## Allows people in group wheel to run all commands
# %wheel ALL=(ALL) ALL ##这行默认是注释掉的。如果取消注释,则群组为 wheel 的人就可以进行root 的身份工作!这个 wheel 是系统预设的 group!因此,如果想要让这部主机里头的一般身份使用者具有sudo 的使用权限,那么就必需将该 user 放入支持 wheel 这个群组里头!
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL #默认是注释掉的,运行所有wheel组群的用户不实用密码
## Allows members of the users group to mount and unmount the
## cdrom as root
# %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
## Allows members of the users group to shutdown this system
# %users localhost=/sbin/shutdown -h now
## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d
实验检验真理:
[root@localhost ~]# su laiyu
[laiyu@localhost root]$ pwd
/root
[laiyu@localhost root]$ mkdir test
mkdir: cannot create directory `test': Permission denied
[laiyu@localhost root]$ sudo mkdir test ##在以laiyu身份在/root目录下创建test文件
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for laiyu:
Sorry, try again.
[sudo] password for laiyu: ##注意这里输入的是用户laiyu自己的密码,而不是root的密码
[laiyu@localhost root]$ ls
ls: cannot open directory .: Permission denied
[laiyu@localhost root]$ sudo ls
anaconda-ks.cfg file install.log install.log.syslog myfile test
[laiyu@localhost root]$
[laiyu@localhost root]$ su root
Password:
[root@localhost ~]# sudo -u laiyu rm test #说明不能以root身份 sudo –u 普通身份
rm: cannot remove `test': Permission denied
[root@localhost ~]# sudo
usage: sudo -h | -K | -k | -L | -V
usage: sudo -v [-AknS] [-g groupname|#gid] [-p prompt] [-u user name|#uid]
usage: sudo -l[l] [-AknS] [-g groupname|#gid] [-p prompt] [-U user name] [-u user name|#uid] [-g groupname|#gid] [command]
usage: sudo [-AbEHknPS] [-r role] [-t type] [-C fd] [-g groupname|#gid] [-p prompt] [-u user name|#uid] [-g groupname|#gid] [VAR=value] [-i|-s] []
usage: sudo -e [-AknS] [-r role] [-t type] [-C fd] [-g groupname|#gid] [-p prompt] [-u user name|#uid] file ...
[root@localhost ~]# su laiyu
[laiyu@localhost root]$ sudo -u root rmdir test #这样成功了
[laiyu@localhost ~]$ su - test
Password:
[test@localhost ~]$ pwd
/home/test
[test@localhost ~]$ sudo -u laiyu mkdir -p /home/laiyu/tes #成功从普通用户test切换到普通用户laiyu执行命令
[test@localhost ~]$ su - laiyu
Password:
[laiyu@localhost ~]$ ls /home/laiyu
tes
[laiyu@localhost ~]$
Linux sudo 命令使用简介的更多相关文章
- Linux sudo 命令的应用
.note-content { font-family: "Helvetica Neue", Arial, "Hiragino Sans GB", STHeit ...
- Linux sudo命令——sudoers文件的配置
Linux sudo命令与其配置文件/etc/sudoers 对linux有一定了解的人多少也会知道点关于sudo命令.sudo命令核心思想是权限的赋予 ,即某个命令的所属用户不是你自己,而你却有 ...
- linux sudo命令
Sudo”是Unix/Linux平台上的一个非常有用的工具,它允许系统管理员分配给普通用户一些合理的“权利”,让他们执行一些只有超级用户或其他 特许用户才能完成的任务,比如:运行一些像mount,ha ...
- Linux nohup命令应用简介--让Linux的进程不受终端影响
nohup命令应用简介--让Linux的进程不受终端影响 by:授客 QQ:1033553122 #开启ping进程 [root@localhost ~]# ping localhost & ...
- [转]linux sudo 命令
转自:http://www.cnblogs.com/xiaochaohuashengmi/archive/2011/11/11/2245341.html “Sudo”是Unix/Linux平台上的一个 ...
- linux sudo 命令
简单的说,sudo 是一种权限管理机制,管理员可以授权于一些普通用户去执行一些 root 执行的操作,而不需要知道 root 的密码.严谨些说,sudo 允许一个已授权用户以超级用户或者其它用户的角色 ...
- linux sudo命令详解
--sudo命令重启网卡 sudo service network restart http://bestchenwu.iteye.com/blog/1450292
- 转 Linux sudo命令
脚本中使用$HOME变量 问题描述:某些同事原来写的脚本中包含如下内容. BIN_DIR=${HOME}/tools TAIR_BIN_DIR=${HOME}/tair_binTAIR_SRC_DIR ...
- linux sudo命令失败 提示sudo:/usr/bin/sudo 必须属于用户 ID 0(的用户)并且设置 setuid 位
sudo:/usr/bin/sudo 必须属于用户 ID 0(的用户)并且设置 setuid 位 一.前言 这是一个神奇的错误,缘由是因为有人将/usr/bin/sudo的权限改为777或其他. 解决 ...
随机推荐
- 7-STM32物联网开发WIFI(ESP8266)+GPRS(Air202)系统方案升级篇(TCP实现HTTP访问下载文件,明白底层如何实现的,地基稳才踏实)
看了好多文章.....唉,还是自己亲自动手用网络监控软件测试吧 先看这个节安装WEB服务器.....安装好以后就可以用HTTP访问电脑文件了 6-STM32物联网开发WIFI(ESP8266)+GPR ...
- nc命令简介
nc介绍 ncat/nc 既是一个端口扫描工具,也是一款安全工具,还能是一款监测工具,甚至可以做为一个简单的 TCP 代理. 在大多数 Debian 发行版中,nc 是默认可用的,它会在安装系统的过程 ...
- ES练习代码
package elasticsearch; import java.util.HashMap; import java.util.List; import java.util.Map; import ...
- python for dblp.xml
由于最近处理数据时涉及到dblp.xml,刚开始下载时dblp.xml只有300多M,但解压之后就有1.9G,没有什么东西能够打开,所以必须要用工具来处理,在python中sax包能够一边解析一边处理 ...
- Centos配置vsftpd
#安装vsftpdyum install vsftpd #限制用户只能访问配置的目录,不能访问其他路径#修改vi /etc/vsftpd/vsftpd.conf chroot_list_enable= ...
- Python Mock的入门学习
一.Mock是什么 Mock这个词在英语中有模拟的这个意思,因此我们可以猜测出这个库的主要功能是模拟一些东西.准确的说,Mock是Python中一个用于支持单元测试的库,它的主要功能是使用mock对象 ...
- 解决IDEA中进行maven install报:系统资源不足的问题
一.背景 最近在idea中使用maven对公司的项目进行install的时候老是出现系统资源不足的问题导致install失败,在网上搜索也没找到很好的答案,自己不断摸索,最终在idea的配置里面找到了 ...
- linux解压zip乱码解决方案
1.向系统添加windows下的字符编码: sudo vim /var/lib/locales/supported.d/local 添加一下编码: zh_CN.GBK GBK zh_CN.GB231 ...
- ThreadPoolExecutor参数讲解
1. 线程池可以节省创建多个线程带来的开销问题. 2. 线程池的参数如下: public ThreadPoolExecutor(int corePoolSize, int maximumPoolSiz ...
- WebLogic 12c Linux 命令行 安装
最近负责在Linux上安装WebLogic Server 12c,客户说要安装最新的版本,版本号为 12.1.X(12.1.2,12.1.3).开始以为和旧版安装一样,使用控制台的方式,下载bin文件 ...