  • sudo使用

    /etc/sudo.conf
    /etc/sudoers
    /etc/sudoers.d/
    /etc/sudo-ldap.conf

    /etc/sudoers sudo安全策略配置文件(请使用 visudo 编辑,保存前会做语法检查)

    # sudo only runs when the invoking user is logged in on a real tty.
    Defaults    requiretty
    # Negated flag: if the terminal cannot turn echo off, sudo refuses to
    # prompt, so a password is never typed where it would be visible.
    Defaults   !visiblepw
    # HOME is always set to the target user's home directory.
    Defaults    always_set_home
    # Commands run with a reset, minimal environment; beyond sudo's small
    # built-in set, only the variables named in env_keep are passed through.
    Defaults    env_reset
    # "=" replaces the keep list, each "+=" appends to it. Every name kept
    # here reaches the privileged command, so keep the list as short as the
    # site allows.
    Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
    Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
    Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
    Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
    Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
    # PATH used for every command run through sudo, in place of the caller's
    # PATH; it lists only system directories.
    Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin
    # root may run any command as any user on any host.
    root	ALL=(ALL) 	ALL
    # NOTE: despite the leading '#', the next line is a directive, not a
    # comment: sudo also reads the files in /etc/sudoers.d, so those files
    # need the same review and permissions as this one. Newer sudo releases
    # also accept the spelling @includedir.
    #includedir /etc/sudoers.d 
    

    环境变量

    requiretty # 只有在真实 tty 上登录的用户才允许运行sudo
    always_set_home # 始终把 HOME 设为目标用户的主目录
    visiblepw # 终端无法关闭回显(密码会明文显示)时,是否仍提示输入密码;上面的 !visiblepw 表示此时sudo拒绝运行
    

    别名

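         # Aliases are named lists that the user specifications refer to.
         # A definition that continues on the next line must end with a
         # backslash; without it sudo rejects the file as a syntax error.
         # Check every edit with `visudo -c` before relying on it.
         #
         # User alias specification: groups of login names.
         User_Alias      FULLTIMERS = millert, mikef, dowdy
         User_Alias      PARTTIMERS = bostley, jwfox, crawl
         User_Alias      WEBMASTERS = will, wendy, wim
    
         # Runas alias specification: target users a command may run as.
         Runas_Alias     OP = root, operator
         Runas_Alias     DB = oracle, sybase
         Runas_Alias     ADMINGRP = adm, oper
    
         # Host alias specification: host names, IP addresses or networks
         # (address/netmask or CIDR). ':' separates several alias
         # definitions of the same type on one logical line.
         Host_Alias      SPARC = bigtime, eclipse, moet, anchor :\
                         SGI = grolsch, dandelion, black :\
                         ALPHA = widget, thalamus, foobar :\
                         HPPA = boa, nag, python
         Host_Alias      CUNETS = 128.138.0.0/255.255.0.0
         Host_Alias      CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
         Host_Alias      SERVERS = master, mail, www, ns
         Host_Alias      CDROM = orion, perseus, hercules
    
         # Cmnd alias specification: commands given by full path.
         Cmnd_Alias      DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\
                                 /usr/sbin/restore, /usr/sbin/rrestore
         Cmnd_Alias      KILL = /usr/bin/kill
         Cmnd_Alias      PRINTING = /usr/sbin/lpc, /usr/bin/lprm
         Cmnd_Alias      SHUTDOWN = /usr/sbin/shutdown
         Cmnd_Alias      HALT = /usr/sbin/halt
         Cmnd_Alias      REBOOT = /usr/sbin/reboot
         # SHELLS, SU and PAGERS name programs that give or can start a
         # shell. Subtracting such an alias from ALL with '!' is not a
         # reliable restriction (see SECURITY NOTES in sudoers(5)); list the
         # commands that are allowed instead.
         Cmnd_Alias      SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh,\
                                  /usr/local/bin/tcsh, /usr/bin/rsh,\
                                  /usr/local/bin/zsh
         Cmnd_Alias      SU = /usr/bin/su
         Cmnd_Alias      PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less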
    

    访问控制

         # User specification, format: User Host = (RunAs) Command
         # A rule without a (RunAs) list runs its commands as root by default.
         # When several rules match, the last matching one applies.
         root            ALL = (ALL) ALL
         %wheel          ALL = (ALL) ALL     # root and members of group wheel may run any command as any user on any host
       
         # NOPASSWD: ALL removes the password check for every command, so
         # control of any FULLTIMERS account is control of root; where
         # possible limit NOPASSWD to the specific commands that need it.
         FULLTIMERS      ALL = NOPASSWD: ALL # members of the FULLTIMERS user alias may run any command on any host without password authentication
         PARTTIMERS      ALL = ALL           # members of the PARTTIMERS user alias may run any command on any host; they authenticate with their password first
    
         bob             SPARC = (OP) ALL : SGI = (OP) ALL         # ':' separates the rules for the two host aliases
         # fred may run any command as a user in the DB Runas alias, without
         # a password.
         fred            ALL = (DB) NOPASSWD: ALL
         WEBMASTERS      www = (www) ALL, (root) /usr/bin/su www   # ',' separates the two run-as identities
         # operator is limited to the listed command aliases, to editing
         # /etc/printcap through sudoedit, and to the commands in the
         # directory /usr/oper/bin/ (the trailing '/' means every command in
         # that directory, not its subdirectories). Keep that directory
         # owned by root and not writable by anyone else.
         operator        ALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING, sudoedit /etc/printcap, /usr/oper/bin/
    
  • 原文地址:https://www.cnblogs.com/liujitao79/p/4107564.html