  • A Brief Introduction to the Linux sudo Command

    by: 授客 QQ1033553122

    Basic syntax:

    $ sudo [-u username] [command]

    -u: run the command as the user username

     

     

    # Edit /etc/sudoers (note: use visudo rather than vi to make the changes).

    # visudo

     

    ## Sudoers allows particular users to run various commands as

    ## the root user, without needing the root password.

    ##

    ## Examples are provided at the bottom of the file for collections

    ## of related commands, which can then be delegated out to particular

    ## users or groups.

    ##

    ## Host Aliases

    ## Groups of machines. You may prefer to use hostnames (perhaps using

    ## wildcards for entire domains) or IP addresses instead.

    # Host_Alias     FILESERVERS = fs1, fs2

    # Host_Alias     MAILSERVERS = smtp, smtp2

     

    ## User Aliases

    ## These aren't often necessary, as you can use regular groups

    ## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname

    ## rather than USERALIAS

    # User_Alias ADMINS = jsmith, mikem

    ## Command Aliases

    ## These are groups of related commands...

     

    ## Networking

     

    ## Installation and management of software

    # Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum

     

    ## Services

    # Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig

     

    ## Updating the locate database

    # Cmnd_Alias LOCATE = /usr/bin/updatedb

     

    ## Storage

     

    ## Delegating permissions

    # Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp

     

    ## Processes

    # Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall

     

    ## Drivers

    # Cmnd_Alias DRIVERS = /sbin/modprobe

     

    # Defaults specification

     

    #

    # Disable "ssh hostname sudo ", because it will show the password in clear.

    #         You have to run "ssh -t hostname sudo ".

    #

    Defaults    requiretty

     

    #

    # Refuse to run if unable to disable echo on the tty. This setting should also be

    # changed in order to be able to use sudo without a tty. See requiretty above.

    #

    Defaults   !visiblepw

     

    #

    # Preserving HOME has security implications since many programs

    # use it when searching for configuration files. Note that HOME

    # is already set when the env_reset option is enabled, so

    # this option is only effective for configurations where either

    # env_reset is disabled or HOME is present in the env_keep list.

    #

    Defaults    always_set_home

     

    Defaults    env_reset

    Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"

    Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"

    Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"

    Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"

    Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"

     

    #

    # Adding HOME to env_keep may enable a user to run unrestricted

    # commands via sudo.

    #

    # Defaults   env_keep += "HOME"

     

    Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin

     

    ## Next comes the main part: which users can run what software on

    ## which machines (the sudoers file can be shared between multiple

    ## systems).

    ## Syntax:

    ##

    ##      user    MACHINE=COMMANDS

    ##

    ## The COMMANDS section may have other options added to it.

    ##

    ## Allow root to run any commands anywhere

    root    ALL=(ALL)       ALL

    laiyu   ALL=(ALL)       ALL  # Following the hint above, add the custom user laiyu, modeled on the root entry, so that laiyu can run sudo

    test    ALL=(ALL)       ALL

    ## Allows members of the 'sys' group to run networking, software,

    ## service management apps and more.

    # %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS

     

    ## Allows people in group wheel to run all commands

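    # %wheel        ALL=(ALL)       ALL  ## This line is commented out by default. If it is uncommented, members of the wheel group can work as root. wheel is a group predefined by the system, so if you want an ordinary user on this host to have sudo rights, you must add that user to the wheel group.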

     

    ## Same thing without a password

    # %wheel        ALL=(ALL)       NOPASSWD: ALL  # Commented out by default; allows all users in the wheel group to run commands without entering a password

     

    ## Allows members of the users group to mount and unmount the

    ## cdrom as root

    # %users  ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom

     

    ## Allows members of the users group to shutdown this system

    # %users  localhost=/sbin/shutdown -h now

     

    ## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)

    #includedir /etc/sudoers.d
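
The shell function below is an added example, not part of the original article or of sudo itself: it scans a sudoers file for active entries of the kinds shown above (unrestricted `ALL` grants to non-root users, `NOPASSWD`, `HOME` in `env_keep`) and reports `#includedir` as a directive rather than a comment. The function name, finding labels and sample file are assumptions made for illustration; it assumes one rule per line and does not expand aliases.

```shell
#!/bin/sh
# Added example: flag risky *active* lines in a sudoers file (one finding per line).
audit_sudoers() {
    awk '
    # "#includedir"/"#include" are directives, not comments; report them so
    # the drop-in files are reviewed as well.
    /^[ \t]*[#@]include(dir)?[ \t]/ { printf "INCLUDE %d: %s\n", NR, $2; next }
    /^[ \t]*#/ || /^[ \t]*$/ { next }              # comments, blank lines
    { sub(/[ \t]+#.*$/, ""); sub(/[ \t]+$/, "") }  # trailing comment/space
    /^[ \t]*Defaults/ {
        if ($0 ~ /env_keep/ && (" " $0 " ") ~ /[" \t]HOME[" \t]/)
            printf "ENV_HOME %d\n", NR
        next
    }
    /^[ \t]*(Host|User|Cmnd|Runas)_Alias/ { next }
    {
        who = $1; spec = $0
        sub(/^[^=]*=[ \t]*/, "", spec)             # keep text after "host ="
        nopw = (spec ~ /NOPASSWD[ \t]*:/)
        sub(/^\([^)]*\)[ \t]*/, "", spec)          # drop "(runas)"
        gsub(/[A-Z]+[ \t]*:[ \t]*/, "", spec)      # drop tags such as NOPASSWD:
        all = 0; n = split(spec, cmd, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) if (cmd[i] == "ALL") all = 1
        if (all && nopw)               printf "NOPASSWD_ALL %d: %s\n", NR, who
        else if (all && who != "root") printf "FULL_ACCESS %d: %s\n", NR, who
        else if (nopw)                 printf "NOPASSWD %d: %s\n", NR, who
    }' "$1"
}

# Constructed sample: the active rules from the file above, plus two of its
# commented-out lines (NOPASSWD wheel, env_keep HOME) enabled to show findings.
demo() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
Defaults    env_reset
# Defaults   env_keep += "HOME"
Defaults    env_keep += "HOME"
root    ALL=(ALL)       ALL
laiyu   ALL=(ALL)       ALL  # custom user
test    ALL=(ALL)       ALL
# %wheel        ALL=(ALL)       ALL
%wheel  ALL=(ALL)       NOPASSWD: ALL
%users  ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
#includedir /etc/sudoers.d
EOF
    audit_sudoers "$f"; rm -f "$f"
}
demo
```

Each finding carries the line number in the audited file, so `FULL_ACCESS 5: laiyu` points at the `laiyu ALL=(ALL) ALL` rule in the sample.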

     

    Putting it to the test:

    [root@localhost ~]# su laiyu

    [laiyu@localhost root]$ pwd

    /root

    [laiyu@localhost root]$ mkdir test

    mkdir: cannot create directory `test': Permission denied

     

    [laiyu@localhost root]$ sudo mkdir test  ## As laiyu, create test in the /root directory

    We trust you have received the usual lecture from the local System

    Administrator. It usually boils down to these three things:

     

        #1) Respect the privacy of others.

        #2) Think before you type.

        #3) With great power comes great responsibility.

    [sudo] password for laiyu:

    Sorry, try again.

    [sudo] password for laiyu:   ## Note: the password entered here is laiyu's own password, not root's

    [laiyu@localhost root]$ ls

    ls: cannot open directory .: Permission denied

    [laiyu@localhost root]$ sudo ls

    anaconda-ks.cfg  file  install.log  install.log.syslog   myfile  test

    [laiyu@localhost root]$

     

    [laiyu@localhost root]$ su root

    Password:

    [root@localhost ~]# sudo -u laiyu rm test  # Shows that root cannot use sudo -u to act as an ordinary user

    rm: cannot remove `test': Permission denied

     

    [root@localhost ~]# sudo

    usage: sudo -h | -K | -k | -L | -V

    usage: sudo -v [-AknS] [-g groupname|#gid] [-p prompt] [-u user name|#uid]

    usage: sudo -l[l] [-AknS] [-g groupname|#gid] [-p prompt] [-U user name] [-u user name|#uid] [-g groupname|#gid] [command]

    usage: sudo [-AbEHknPS] [-r role] [-t type] [-C fd] [-g groupname|#gid] [-p prompt] [-u user name|#uid] [-g groupname|#gid] [VAR=value] [-i|-s] []

    usage: sudo -e [-AknS] [-r role] [-t type] [-C fd] [-g groupname|#gid] [-p prompt] [-u user name|#uid] file ...

    [root@localhost ~]# su laiyu

    [laiyu@localhost root]$ sudo -u root rmdir test   # This succeeds

     

    [laiyu@localhost ~]$ su - test

    Password:

    [test@localhost ~]$ pwd

    /home/test

    [test@localhost ~]$ sudo -u laiyu mkdir -p /home/laiyu/tes  # Successfully ran the command as ordinary user laiyu from ordinary user test

     

    [test@localhost ~]$ su - laiyu

    Password:

    [laiyu@localhost ~]$ ls /home/laiyu

    tes

    [laiyu@localhost ~]$

  • Original article: https://www.cnblogs.com/shouke/p/10158097.html