zoukankan      html  css  js  c++  java
  • linux sudo命令

      sudo

           Instead of using the root user account, unprivileged users can be configured for using administrator permissions on specific tasks by using sudo. When sudo is configured, ordinary users have sudo privileges and to use these privileges, they will start the command using  sudo . So, instead of using commands like  useradd  as the root user, you use an ordinary user account and type  sudo useradd . This is definitely more secure because you will only be able to act as if you have administrator permissions while running this specific command.  

           When creating Linux users during the installation process, you can select to grant administrator permissions to that specific user. If you select to do so, the user will be able to use all administrator commands using sudo. It is also possible to set up sudo privileges after installation. To do that in a very easy way, you have to accomplish a simple two-step procedure:     

           1.   Make the administrative user account member of the group wheel by using  usermod -aG wheel user .     

           2.   Type  visudo  and make sure the line %wheel ALL=(ALL) ALL is included.

    [rusky@rhel7 ~]$ useradd test   --普通账号rusky是没有权限添加用户的
    -bash: /usr/sbin/useradd: Permission denied
    [rusky@rhel7 ~]$ sudo useradd test  --使用sudo提升到administrator权限失败
    
    We trust you have received the usual lecture from the local System
    Administrator. It usually boils down to these three things:
    
        #1) Respect the privacy of others.
        #2) Think before you type.
        #3) With great power comes great responsibility.
    
    [sudo] password for rusky: 
    rusky is not in the sudoers file.  This incident will be reported.   
    [rusky@rhel7 ~]$ id rusky
    uid=1000(rusky) gid=1000(rusky) groups=1000(rusky)
    
    ==========================================
    处理方法:
    [rusky@rhel7 ~]$ su -
    Password: 
    Last login: Thu Jun 16 03:50:19 EDT 2016 from rhel7.com on pts/4
    [root@rhel7 ~]# usermod -aG wheel rusky     --执行这条命令
    [root@rhel7 ~]# visudo       --
    ## Allows people in group wheel to run all commands
    %wheel  ALL=(ALL)       ALL
    
    [root@rhel7 ~]# su - rusky
    Last login: Thu Jun 16 04:06:56 EDT 2016 on pts/4
    [rusky@rhel7 ~]$ useradd
    -bash: /usr/sbin/useradd: Permission denied
    [rusky@rhel7 ~]$ sudo useradd test   --使用sudo 添加用户正常
    [sudo] password for rusky: 

     =========================

    [root@rhel7 ~]#usermod -aG wheel rusky  ---修改用户,将用户rusky添加到附加组wheel组(系统默认就有这个组)

    这个rusky用户是安装系统的过种中创建的;也可以在使用useradd -g root -G wheel -d /home/rusky2 -m rusky2 命令创建新用户时添加到附加wheel组。

    -G, --groups GROUPS           new list of supplementary GROUPS

    -a, --append                  append the user to the supplemental GROUPS

    =====

    [root@rhel7 ~]# visudo

    ## Sudoers allows particular users to run various commands as

    ## the root user, without needing the root password

    . ...... 

    ## Allows people in group wheel to run all commands

    %wheel  ALL=(ALL)       ALL   -- 取消注释此行

  • 相关阅读:
    C++隐式推导-auto关键词
    git的几种实用操作(合并代码与暂存复原代码)
    CPU的后记,程序员的未来之计
    CPU中的程序是怎么运行起来的
    nginx-日志切割
    Linux里面使用navicat连接MySQL数据显示2002-Can't connect to local MysQL serverthrough socket'/var/lib/mysq/mysql.sock'(13"权限不够")
    Cacti图形中的方框乱码解决办法
    Cacti1.2.14最新版安装和配置(详细版)
    ERROR 1419 (HY000) at line 9: You do not have the SUPER privilege and binary logging is enabled (you *might* want to use the less safe log_bin_trust_function_creators variable)
    Linux服务器查看对应网卡的网口
  • 原文地址:https://www.cnblogs.com/rusking/p/5591404.html
Copyright © 2011-2022 走看看