Because root's privileges are too broad, you should not log in to Linux directly as the administrator or use su - root to operate; instead, we use the sudo command to run administrative commands that an ordinary user does not have permission to run.
sudo command features:
1, authorize the specified user on the specified host to run specific administrative commands;
2, keep a detailed log, per user, of the commands executed through sudo;
3, "ticket system": authentication is time-limited; the first time a user runs sudo they are asked for a password to verify their identity, and after success the user receives a "token" that stays valid for a fixed time: 5 minutes
How is the sudo functionality implemented?
/etc/sudoers: the authorization file, which can only be edited by the administrator; it is generally not edited directly with vim, since that may introduce a syntax error; instead, the dedicated tool visudo is used to edit authorizations.
/etc/sudoers:
Note on alias definitions: alias names must use all uppercase characters
Built-in variables: ALL: All users
User_Alias:
User_Alias NAME = item1, item2, ...
item:
username
%group name
#UID
%#GID
User_Alias (an alias that has already been defined can be used)
Example: User_Alias ADMIN = centos, %lx, #500
This defines the alias ADMIN, whose members are the user centos, the lx group, and the user with UID 500.
Host_Alias: the hosts on which commands can be run
Host_Alias NAME = item1, item2, ...
item:
hostname
ip
network
Host_Alias
Example: Host_Alias ALLOWADDR = 172.16.37.10, 172.16.0.0/16
This defines the alias ALLOWADDR, containing the IP 172.16.37.10 and the network address 172.16.0.0/16
Runas_Alias
Runas_Alias NAME = item1, item2, ...
Usage is the same as User_Alias
Cmnd_Alias:
Cmnd_Alias NAME = item1, item2, ...
item:
command
directory (all commands in the directory)
Cmnd_Alias
Example: Cmnd_Alias COMMAND = /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/
This defines the alias COMMAND, containing useradd, userdel, and all the commands under /usr/sbin
Negation can be used in a definition: Cmnd_Alias PASSWD = /usr/bin/passwd [0-9A-Za-z]*, !/usr/bin/passwd root
sudo authorization:
WHO HOST = (WHOM) COMMAND
Example: centos MYPC = (root) /usr/sbin/useradd
Tags:
NOPASSWD: commands after this tag do not require entering a password
PASSWD: commands after this tag require entering a password
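An added example, not part of the original page: a small Python audit of a sudoers fragment that checks the all-uppercase alias rule, flags NOPASSWD rules, and flags directory entries that authorize every command in a directory. The sample text is constructed from the examples above; the mis-cased alias Admin and the NOPASSWD rule are assumptions added to trigger findings, and the parser handles only the line forms shown on this page.

```python
import re

# Constructed sample from this page's examples; "Admin" and the NOPASSWD rule are added assumptions.
SAMPLE = """\
User_Alias ADMIN = centos, %lx, #500
User_Alias Admin = user1
Host_Alias ALLOWADDR = 172.16.37.10, 172.16.0.0/16
Cmnd_Alias COMMAND = /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/
Cmnd_Alias PASSWD = /usr/bin/passwd [0-9A-Za-z]*, !/usr/bin/passwd root
ADMIN ALLOWADDR = (root) NOPASSWD: COMMAND
centos MYPC = (root) /usr/sbin/useradd
"""

ALIAS = re.compile(r"^(User|Host|Runas|Cmnd)_Alias\s+(\S+)\s*=\s*(.+)$")
RULE = re.compile(r"^(\S+)\s+(\S+)\s*=\s*\(([^)]*)\)\s*((?:NOPASSWD|PASSWD):)?\s*(.+)$")

def items(spec):
    """Split a comma-separated sudoers list (escaped commas are not handled)."""
    return [i.strip() for i in spec.split(",") if i.strip()]

def audit(text):
    """Return (aliases, findings); findings are (line_no, message) tuples."""
    aliases, findings = {}, []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = ALIAS.match(line)
        if m:
            kind, name, spec = m.groups()
            if not re.fullmatch(r"[A-Z][A-Z0-9_]*", name):
                findings.append((no, f"alias name {name!r} is not all uppercase"))
            aliases[name] = (kind, items(spec))
            continue
        m = RULE.match(line)
        if not m:
            findings.append((no, "unrecognised line"))
            continue
        who, host, whom, tag, cmds = m.groups()
        if tag == "NOPASSWD:":
            findings.append((no, f"{who} runs {cmds} without a password"))
        for cmd in items(cmds):
            # Expand an alias named in the command list one level; a literal stands for itself.
            for c in aliases.get(cmd, ("Cmnd", [cmd]))[1]:
                if c.endswith("/"):
                    findings.append((no, f"{who} may run every command in {c}"))
    return aliases, findings

print(*audit(SAMPLE)[1], sep="\n")
```

A check like this complements visudo, which validates syntax only; it does not say whether a rule is broader than intended.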
sudo command:
-l: view the sudo commands the current user is allowed to run;
-u USERNAME COMMAND: run the specified COMMAND as the specified user;
-k: clear the "token"
-b COMMAND: run the specified COMMAND in the background
-e /path/to/somefile: edit the specified file;
Example: sudo -u centos useradd user1