Linux sudo 命令使用简介

by:授客 QQ1033553122

基本语法:

$ sudo [-u username] [command]

-u:将身份变成username的身份

#编辑/etc/sudoers (注意,这里使用 visudo 而不是 vi 来设置。

# visudo

## Sudoers allows particular users to run various commands as

## the root user, without needing the root password.

##

## Examples are provided at the bottom of the file for collections

## of related commands, which can then be delegated out to particular

## users or groups.

##

## Host Aliases

## Groups of machines. You may prefer to use hostnames (perhaps using

## wildcards for entire domains) or IP addresses instead.

# Host_Alias     FILESERVERS = fs1, fs2

# Host_Alias     MAILSERVERS = smtp, smtp2

## User Aliases

## These aren't often necessary, as you can use regular groups

## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname

## rather than USERALIAS

# User_Alias ADMINS = jsmith, mikem

## Command Aliases

## These are groups of related commands...

## Networking

## Sudoers allows particular users to run various commands as

## the root user, without needing the root password.

##

## Examples are provided at the bottom of the file for collections

## of related commands, which can then be delegated out to particular

## users or groups.

##

## Host Aliases

## Groups of machines. You may prefer to use hostnames (perhaps using

## wildcards for entire domains) or IP addresses instead.

# Host_Alias     FILESERVERS = fs1, fs2

# Host_Alias     MAILSERVERS = smtp, smtp2

## User Aliases

## These aren't often necessary, as you can use regular groups

## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname

## rather than USERALIAS

# User_Alias ADMINS = jsmith, mikem

## Command Aliases

## These are groups of related commands...

## Networking

## Installation and management of software

# Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum

## Services

# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig

## Updating the locate database

# Cmnd_Alias LOCATE = /usr/bin/updatedb

## Storage

## Delegating permissions

# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp

## Processes

# Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall

## Drivers

# Cmnd_Alias DRIVERS = /sbin/modprobe

# Defaults specification

#

# Disable "ssh hostname sudo ", because it will show the password in clear.

#         You have to run "ssh -t hostname sudo ".

#

Defaults    requiretty

#

# Refuse to run if unable to disable echo on the tty. This setting should also be

# changed in order to be able to use sudo without a tty. See requiretty above.

#

Defaults   !visiblepw

#

# Preserving HOME has security implications since many programs

# use it when searching for configuration files. Note that HOME

# is already set when the the env_reset option is enabled, so

# this option is only effective for configurations where either

# env_reset is disabled or HOME is present in the env_keep list.

#

Defaults    always_set_home

Defaults    env_reset

Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"

Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"

Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"

Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"

Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"

#

# Adding HOME to env_keep may enable a user to run unrestricted

# Refuse to run if unable to disable echo on the tty. This setting should also be

# changed in order to be able to use sudo without a tty. See requiretty above.

#

Defaults   !visiblepw

#

# Preserving HOME has security implications since many programs

# use it when searching for configuration files. Note that HOME

# is already set when the the env_reset option is enabled, so

# this option is only effective for configurations where either

# env_reset is disabled or HOME is present in the env_keep list.

#

Defaults    always_set_home

Defaults    env_reset

Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"

Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"

Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"

Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"

Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"

#

# Adding HOME to env_keep may enable a user to run unrestricted

# commands via sudo.

#

# Defaults   env_keep += "HOME"

Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin

## Next comes the main part: which users can run what software on

## which machines (the sudoers file can be shared between multiple

## systems).

## Syntax:

##

##      user    MACHINE=COMMANDS

##

## The COMMANDS section may have other options added to it.

##

## Allow root to run any commands anywhere

root    ALL=(ALL)       ALL

laiyu   ALL=(ALL)       ALL  #根据上述提示,模仿root用户添加自定义用户laiyu,使其可执行sudo命令

test    ALL=(ALL)       ALL

## Allows members of the 'sys' group to run networking, software,

## service management apps and more.

# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS

## Allows people in group wheel to run all commands

# %wheel        ALL=(ALL)       ALL  ##这行默认是注释掉的。如果取消注释,则群组为 wheel 的人就可以进行root 的身份工作!这个 wheel 是系统预设的 group!因此,如果想要让这部主机里头的一般身份使用者具有sudo 的使用权限,那么就必需将该 user 放入支持 wheel 这个群组里头!

## Same thing without a password

# %wheel        ALL=(ALL)       NOPASSWD: ALL  #默认是注释掉的,运行所有wheel组群的用户不实用密码

## Allows members of the users group to mount and unmount the

## cdrom as root

# %users  ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom

## Allows members of the users group to shutdown this system

# %users  localhost=/sbin/shutdown -h now

## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)

#includedir /etc/sudoers.d

实验检验真理:

[root@localhost ~]# su laiyu

[laiyu@localhost root]$ pwd

/root

[laiyu@localhost root]$ mkdir test

mkdir: cannot create directory `test': Permission denied

 

[laiyu@localhost root]$ sudo mkdir test  ##在以laiyu身份在/root目录下创建test文件

We trust you have received the usual lecture from the local System

Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.

#2) Think before you type.

#3) With great power comes great responsibility.

[sudo] password for laiyu:

Sorry, try again.

[sudo] password for laiyu:   ##注意这里输入的是用户laiyu自己的密码,而不是root的密码

[laiyu@localhost root]$ ls

ls: cannot open directory .: Permission denied

[laiyu@localhost root]$ sudo ls

anaconda-ks.cfg  file  install.log  install.log.syslog   myfile  test

[laiyu@localhost root]$

[laiyu@localhost root]$ su root

Password:

[root@localhost ~]# sudo -u laiyu rm test  #说明不能以root身份 sudo –u 普通身份

rm: cannot remove `test': Permission denied

[root@localhost ~]# sudo

usage: sudo -h | -K | -k | -L | -V

usage: sudo -v [-AknS] [-g groupname|#gid] [-p prompt] [-u user name|#uid]

usage: sudo -l[l] [-AknS] [-g groupname|#gid] [-p prompt] [-U user name] [-u user name|#uid] [-g groupname|#gid] [command]

usage: sudo [-AbEHknPS] [-r role] [-t type] [-C fd] [-g groupname|#gid] [-p prompt] [-u user name|#uid] [-g groupname|#gid] [VAR=value] [-i|-s] []

usage: sudo -e [-AknS] [-r role] [-t type] [-C fd] [-g groupname|#gid] [-p prompt] [-u user name|#uid] file ...

[root@localhost ~]# su laiyu

[laiyu@localhost root]$ sudo -u root rmdir test   #这样成功了

[laiyu@localhost ~]$ su - test

Password:

[test@localhost ~]$ pwd

/home/test

[test@localhost ~]$ sudo -u laiyu mkdir -p /home/laiyu/tes  #成功从普通用户test切换到普通用户laiyu执行命令

[test@localhost ~]$ su - laiyu

Password:

[laiyu@localhost ~]$ ls /home/laiyu

tes

[laiyu@localhost ~]$

Linux sudo 命令使用简介的更多相关文章

  1. Linux sudo 命令的应用

    .note-content { font-family: "Helvetica Neue", Arial, "Hiragino Sans GB", STHeit ...

  2. Linux sudo命令——sudoers文件的配置

    Linux sudo命令与其配置文件/etc/sudoers   对linux有一定了解的人多少也会知道点关于sudo命令.sudo命令核心思想是权限的赋予 ,即某个命令的所属用户不是你自己,而你却有 ...

  3. linux sudo命令

    Sudo”是Unix/Linux平台上的一个非常有用的工具,它允许系统管理员分配给普通用户一些合理的“权利”,让他们执行一些只有超级用户或其他 特许用户才能完成的任务,比如:运行一些像mount,ha ...

  4. Linux nohup命令应用简介--让Linux的进程不受终端影响

    nohup命令应用简介--让Linux的进程不受终端影响 by:授客 QQ:1033553122   #开启ping进程 [root@localhost ~]# ping localhost & ...

  5. [转]linux sudo 命令

    转自:http://www.cnblogs.com/xiaochaohuashengmi/archive/2011/11/11/2245341.html “Sudo”是Unix/Linux平台上的一个 ...

  6. linux sudo 命令

    简单的说,sudo 是一种权限管理机制,管理员可以授权于一些普通用户去执行一些 root 执行的操作,而不需要知道 root 的密码.严谨些说,sudo 允许一个已授权用户以超级用户或者其它用户的角色 ...

  7. linux sudo命令详解

    --sudo命令重启网卡 sudo service network restart http://bestchenwu.iteye.com/blog/1450292

  8. 转 Linux sudo命令

    脚本中使用$HOME变量 问题描述:某些同事原来写的脚本中包含如下内容. BIN_DIR=${HOME}/tools TAIR_BIN_DIR=${HOME}/tair_binTAIR_SRC_DIR ...

  9. linux sudo命令失败 提示sudo:/usr/bin/sudo 必须属于用户 ID 0(的用户)并且设置 setuid 位

    sudo:/usr/bin/sudo 必须属于用户 ID 0(的用户)并且设置 setuid 位 一.前言 这是一个神奇的错误,缘由是因为有人将/usr/bin/sudo的权限改为777或其他. 解决 ...

随机推荐

  1. Nginx 配置 Location 规则优先级问题

    nginx 的 location与配置中 location 顺序没有关系,与 location 表达式的类型有关.相同类型的表达式,字符串长的会优先匹配. 以下是按优先级排列说明: 等号类型(=)的优 ...

  2. Spring Cloud Eureka

    搭建服务注册中心 创建eureka-center,pom.xml如下: <?xml version="1.0" encoding="UTF-8"?> ...

  3. 查漏补缺之开g的正则

    当正则表达式开了挂,就会多一个g的修饰符,用于表示全局匹配.然而这个表达式却不仅仅是多了个g这么简单,它的方法也会发生改变.由于之前不是太了解,今天好好捋一下,且听我细细道来. 正则表达式的方法和属性 ...

  4. Android 安装时报错INSTALL_FAILED_NO_MATCHING_ABIS 的解决办法

    $ adb push D:\AndroidstudioTestWorkSpace\app\build\outputs\apk\app-debug.apk       /data/local/tmp/c ...

  5. Jenkins-pipeline的实现步骤

    jenkins实现持续集成 搭建jenkins环境,安装插件 建立pipeline公用类库,文件夹vars,默认的 添加.groovy文件,可以由以下几个类库组成 dockerImageBuild 负 ...

  6. Searching with Deep Learning 深度学习的搜索应用

    本文首发于 vivo 互联网技术微信公众号 https://mp.weixin.qq.com/s/wLMvJPXXaND9xq-XMwY2Mg作者:Eike Dehling翻译:杨振涛 本文由来自 T ...

  7. Iptables之recent模块小结

    Iptables的recent模块用于限制一段时间内的连接数, 是谨防大量请求攻击的必杀绝技! 善加利用该模块可充分保证服务器安全. recent常用参数--name      设定列表名称,即设置跟 ...

  8. 下载imagenet2012数据集,以及label说明

    updated@2018-12-07 15:22:08 官方下载地址:http://www.image-net.org/challenges/LSVRC/2012/nonpub-downloads , ...

  9. ActiveMQ与Spring整合-MessageListener

    消费者,使用监听的实现方式. 1. pom.xml 2. 生产者 package org.ygy.mq.lesson04; import javax.jms.JMSException; import  ...

  10. UIView动画上

    主要参考:http://blog.csdn.net/huifeidexin_1/article/details/7597868  http://www.2cto.com/kf/201409/33566 ...