Linux sudo 命令使用简介

by:授客 QQ1033553122

基本语法:

$ sudo [-u username] [command]

-u:将身份变成username的身份

#编辑/etc/sudoers (注意,这里使用 visudo 而不是 vi 来设置。

# visudo

## Sudoers allows particular users to run various commands as

## the root user, without needing the root password.

##

## Examples are provided at the bottom of the file for collections

## of related commands, which can then be delegated out to particular

## users or groups.

##

## Host Aliases

## Groups of machines. You may prefer to use hostnames (perhaps using

## wildcards for entire domains) or IP addresses instead.

# Host_Alias     FILESERVERS = fs1, fs2

# Host_Alias     MAILSERVERS = smtp, smtp2

## User Aliases

## These aren't often necessary, as you can use regular groups

## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname

## rather than USERALIAS

# User_Alias ADMINS = jsmith, mikem

## Command Aliases

## These are groups of related commands...

## Networking

## Sudoers allows particular users to run various commands as

## the root user, without needing the root password.

##

## Examples are provided at the bottom of the file for collections

## of related commands, which can then be delegated out to particular

## users or groups.

##

## Host Aliases

## Groups of machines. You may prefer to use hostnames (perhaps using

## wildcards for entire domains) or IP addresses instead.

# Host_Alias     FILESERVERS = fs1, fs2

# Host_Alias     MAILSERVERS = smtp, smtp2

## User Aliases

## These aren't often necessary, as you can use regular groups

## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname

## rather than USERALIAS

# User_Alias ADMINS = jsmith, mikem

## Command Aliases

## These are groups of related commands...

## Networking

## Installation and management of software

# Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum

## Services

# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig

## Updating the locate database

# Cmnd_Alias LOCATE = /usr/bin/updatedb

## Storage

## Delegating permissions

# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp

## Processes

# Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall

## Drivers

# Cmnd_Alias DRIVERS = /sbin/modprobe

# Defaults specification

#

# Disable "ssh hostname sudo ", because it will show the password in clear.

#         You have to run "ssh -t hostname sudo ".

#

Defaults    requiretty

#

# Refuse to run if unable to disable echo on the tty. This setting should also be

# changed in order to be able to use sudo without a tty. See requiretty above.

#

Defaults   !visiblepw

#

# Preserving HOME has security implications since many programs

# use it when searching for configuration files. Note that HOME

# is already set when the the env_reset option is enabled, so

# this option is only effective for configurations where either

# env_reset is disabled or HOME is present in the env_keep list.

#

Defaults    always_set_home

Defaults    env_reset

Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"

Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"

Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"

Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"

Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"

#

# Adding HOME to env_keep may enable a user to run unrestricted

# Refuse to run if unable to disable echo on the tty. This setting should also be

# changed in order to be able to use sudo without a tty. See requiretty above.

#

Defaults   !visiblepw

#

# Preserving HOME has security implications since many programs

# use it when searching for configuration files. Note that HOME

# is already set when the the env_reset option is enabled, so

# this option is only effective for configurations where either

# env_reset is disabled or HOME is present in the env_keep list.

#

Defaults    always_set_home

Defaults    env_reset

Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"

Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"

Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"

Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"

Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"

#

# Adding HOME to env_keep may enable a user to run unrestricted

# commands via sudo.

#

# Defaults   env_keep += "HOME"

Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin

## Next comes the main part: which users can run what software on

## which machines (the sudoers file can be shared between multiple

## systems).

## Syntax:

##

##      user    MACHINE=COMMANDS

##

## The COMMANDS section may have other options added to it.

##

## Allow root to run any commands anywhere

root    ALL=(ALL)       ALL

laiyu   ALL=(ALL)       ALL  #根据上述提示,模仿root用户添加自定义用户laiyu,使其可执行sudo命令

test    ALL=(ALL)       ALL

## Allows members of the 'sys' group to run networking, software,

## service management apps and more.

# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS

## Allows people in group wheel to run all commands

# %wheel        ALL=(ALL)       ALL  ##这行默认是注释掉的。如果取消注释,则群组为 wheel 的人就可以进行root 的身份工作!这个 wheel 是系统预设的 group!因此,如果想要让这部主机里头的一般身份使用者具有sudo 的使用权限,那么就必需将该 user 放入支持 wheel 这个群组里头!

## Same thing without a password

# %wheel        ALL=(ALL)       NOPASSWD: ALL  #默认是注释掉的,运行所有wheel组群的用户不实用密码

## Allows members of the users group to mount and unmount the

## cdrom as root

# %users  ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom

## Allows members of the users group to shutdown this system

# %users  localhost=/sbin/shutdown -h now

## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)

#includedir /etc/sudoers.d

实验检验真理:

[root@localhost ~]# su laiyu

[laiyu@localhost root]$ pwd

/root

[laiyu@localhost root]$ mkdir test

mkdir: cannot create directory `test': Permission denied

 

[laiyu@localhost root]$ sudo mkdir test  ##在以laiyu身份在/root目录下创建test文件

We trust you have received the usual lecture from the local System

Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.

#2) Think before you type.

#3) With great power comes great responsibility.

[sudo] password for laiyu:

Sorry, try again.

[sudo] password for laiyu:   ##注意这里输入的是用户laiyu自己的密码,而不是root的密码

[laiyu@localhost root]$ ls

ls: cannot open directory .: Permission denied

[laiyu@localhost root]$ sudo ls

anaconda-ks.cfg  file  install.log  install.log.syslog   myfile  test

[laiyu@localhost root]$

[laiyu@localhost root]$ su root

Password:

[root@localhost ~]# sudo -u laiyu rm test  #说明不能以root身份 sudo –u 普通身份

rm: cannot remove `test': Permission denied

[root@localhost ~]# sudo

usage: sudo -h | -K | -k | -L | -V

usage: sudo -v [-AknS] [-g groupname|#gid] [-p prompt] [-u user name|#uid]

usage: sudo -l[l] [-AknS] [-g groupname|#gid] [-p prompt] [-U user name] [-u user name|#uid] [-g groupname|#gid] [command]

usage: sudo [-AbEHknPS] [-r role] [-t type] [-C fd] [-g groupname|#gid] [-p prompt] [-u user name|#uid] [-g groupname|#gid] [VAR=value] [-i|-s] []

usage: sudo -e [-AknS] [-r role] [-t type] [-C fd] [-g groupname|#gid] [-p prompt] [-u user name|#uid] file ...

[root@localhost ~]# su laiyu

[laiyu@localhost root]$ sudo -u root rmdir test   #这样成功了

[laiyu@localhost ~]$ su - test

Password:

[test@localhost ~]$ pwd

/home/test

[test@localhost ~]$ sudo -u laiyu mkdir -p /home/laiyu/tes  #成功从普通用户test切换到普通用户laiyu执行命令

[test@localhost ~]$ su - laiyu

Password:

[laiyu@localhost ~]$ ls /home/laiyu

tes

[laiyu@localhost ~]$

Linux sudo 命令使用简介的更多相关文章

  1. Linux sudo 命令的应用

    .note-content { font-family: "Helvetica Neue", Arial, "Hiragino Sans GB", STHeit ...

  2. Linux sudo命令——sudoers文件的配置

    Linux sudo命令与其配置文件/etc/sudoers   对linux有一定了解的人多少也会知道点关于sudo命令.sudo命令核心思想是权限的赋予 ,即某个命令的所属用户不是你自己,而你却有 ...

  3. linux sudo命令

    Sudo”是Unix/Linux平台上的一个非常有用的工具,它允许系统管理员分配给普通用户一些合理的“权利”,让他们执行一些只有超级用户或其他 特许用户才能完成的任务,比如:运行一些像mount,ha ...

  4. Linux nohup命令应用简介--让Linux的进程不受终端影响

    nohup命令应用简介--让Linux的进程不受终端影响 by:授客 QQ:1033553122   #开启ping进程 [root@localhost ~]# ping localhost & ...

  5. [转]linux sudo 命令

    转自:http://www.cnblogs.com/xiaochaohuashengmi/archive/2011/11/11/2245341.html “Sudo”是Unix/Linux平台上的一个 ...

  6. linux sudo 命令

    简单的说,sudo 是一种权限管理机制,管理员可以授权于一些普通用户去执行一些 root 执行的操作,而不需要知道 root 的密码.严谨些说,sudo 允许一个已授权用户以超级用户或者其它用户的角色 ...

  7. linux sudo命令详解

    --sudo命令重启网卡 sudo service network restart http://bestchenwu.iteye.com/blog/1450292

  8. 转 Linux sudo命令

    脚本中使用$HOME变量 问题描述:某些同事原来写的脚本中包含如下内容. BIN_DIR=${HOME}/tools TAIR_BIN_DIR=${HOME}/tair_binTAIR_SRC_DIR ...

  9. linux sudo命令失败 提示sudo:/usr/bin/sudo 必须属于用户 ID 0(的用户)并且设置 setuid 位

    sudo:/usr/bin/sudo 必须属于用户 ID 0(的用户)并且设置 setuid 位 一.前言 这是一个神奇的错误,缘由是因为有人将/usr/bin/sudo的权限改为777或其他. 解决 ...

随机推荐

  1. 全球各大邮件SMTP服务限制

    常用免费SMTP服务的发送限制,转贴 GMail 免费邮箱 http://gmail.google.comSMTP 服务器:smtp.gmail.com策略:发送延时 0,每天发送量限制 50(GMa ...

  2. Twitter Bootstrap3小结

    今天有空,小结一下Twitter Bootstrap 3的使用.首先不得不说,Bootstrap是迄今(2014)比较好的WEB设计框架(当然,其它的优秀WEB Framework还有:Foundat ...

  3. StreamSets学习系列之StreamSets是什么?

    不多说,直接上干货! StreamSets是一个侧重数据集成.数据加工流程构建的平台,也是一个开源的产品.通过StreamSets,用户可以方便的接入不同的数据源,并且完成数据加工流程的构建.Stea ...

  4. AR介绍

    AR介绍 AR全名扩增实境,是一种实时融合现实与虚拟的图像技术. AR技术的三板斧:感知(寻找目标定位位置-与环境交互),渲染(实现产品交互-与客户交互),追踪(捕捉目标运动轨迹-客户环境上下文). ...

  5. PTA (Advanced Level) 1006 Sign In and Sign Out

    Sign In and Sign Out At the beginning of every day, the first person who signs in the computer room ...

  6. Spring 3.1新特性之二:@Enable*注解的源码,spring源码分析之定时任务Scheduled注解

    分析SpringBoot的自动化配置原理的时候,可以观察下这些@Enable*注解的源码,可以发现所有的注解都有一个@Import注解.@Import注解是用来导入配置类的,这也就是说这些自动开启的实 ...

  7. (转)Spring常用注解

    使用注解来构造IOC容器 用注解来向Spring容器注册Bean.需要在applicationContext.xml中注册<context:component-scan base-package ...

  8. BFS算法(——模板习题与总结)

    首先需要说明的是BFS算法(广度优先算法)本质上也是枚举思想的一种体现,本身效率不是很高,当数据规模很小的时候还是可以一试的.其次很多人可能有这样的疑问,使用搜索算法的时候,到底选用DFS还是BFS, ...

  9. AutoMapper项目实践

    本次示例,我们单独创建一个 AutoMapperService 的项目,用于放置映射配置文件,映射注册方法,映射公共方法. 1.映射配置文件 用于配置源实体到目标实体的映射 public class ...

  10. JS DOM 操作 项目总结 【超链接】【数列】【span】

      超链接   每次定义链接样式时务必确认定义的顺序,link--visited--hover-active,也就是我们常说到的LoVe HAte原则(大写字母就是它们的首字母). “爱恨原则”(Lo ...