Command - sudo

2022-04-23 19:26:00 Little monster 55

sudo is a privilege management mechanism. It lets the system administrator grant ordinary users a reasonable set of privileges so that they can perform tasks that only the superuser or other authorized users could otherwise complete, such as running commands like mount, halt, and su, or editing system configuration files such as /etc/mtab and /etc/samba/smb.conf.

1.su

Switching users

Format

      
      
# Format
1) su -[l] username  or  su --login username
2) su username    # if username is not specified, the default is root
Difference between 1 and 2:
1 switches the user and also switches to the new user's working environment.
2 switches the user but does not change the original user's working directory or other environment variables.

Example

      
      
[[email protected] ~] # su openstack
[[email protected] root] $ pwd
/root
[[email protected] root] $ exit
exit

[[email protected] ~] # su - openstack
Last login: Sat Apr 23 17:44:35 CST 2022 on pts/0
[[email protected] ~] $ pwd
/home/openstack

2.sudo

      
      
Package: sudo
Help: man 5 sudoers
Purpose: authorize specified users to run certain commands on specified hosts; if an unauthorized user attempts to use sudo, they are prompted to contact the administrator
Provides logging that records each user's use of sudo
Provides configuration files that let the system administrator manage user permissions and hosts
Uses a timestamp file to implement a "ticket check" mechanism; the default validity period is 5 min

# Edit the configuration file with the visudo command, which performs syntax checking
Use the visudo command to edit /etc/sudoers
usage: visudo [-chqsV] [-f sudoers]
visudo -c    # syntax check
visudo -f /etc/sudoers.d/test

2.1. Files

      
      
Configuration files: /etc/sudoers, /etc/sudoers.d/*
Timestamp file: /var/db/sudo
Log file: /var/log/secure
The configuration file supports glob wildcards:

*
[wxc]          # match one of the characters
[!wxc]
\x             # escape
[[:alpha:]]

# The configuration file has two types of rules:
1. Alias definitions: optional
2. Authorization rules: required

2.2. Authorization rules

      
      
user host=(runas) command
user login-host=(run-as user) command
----------------------------------------
root ALL=(ALL) ALL

user:      # who runs the command
host:      # on which hosts
(runas):   # as which user
command:   # which commands to run

# Example:
wang 192.168.37.7=(root) /bin/mount /dev/sr0 /mnt

2.3. Aliases

      
      
# user and runas:
username
#uid
%group_name
%#gid
user_alias | runas_alias

# host:
IP address or hostname
network(/netmask)
host_alias

# command:
command name
directory
sudoedit
Cmnd_Alias
----------------------------------------
# There are four types of aliases
User_Alias
Runas_Alias
Host_Alias
Cmnd_Alias

# Alias name format
[A-Z]([A-Z][0-9]_)*

# Alias definition:
Alias_Type NAME1 = item1, item2, item3 : NAME2 = item4, item5

Example 1:
Student ALL=(ALL) ALL
%wheel ALL=(ALL) ALL

Example 2:
Student ALL=(root) /sbin/pidof, /sbin/ifconfig
%wheel ALL=(ALL) NOPASSWD:ALL

Example 3:
User_Alias NETADMIN = netuser1, netuser2
Cmnd_Alias NETCMD = /usr/sbin/ip
NETADMIN ALL=(root) NETCMD

Example 4:
User_Alias SYSADER = wang, mage, %admins
User_Alias DISKADER = tom
Host_Alias SERS = www.magedu.com, 172.16.0.0/24
Runas_Alias OP = root
Cmnd_Alias SYDCMD = /bin/chown, /bin/chmod
Cmnd_Alias DSKCMD = /sbin/parted, /sbin/fdisk
SYSADER SERS = SYDCMD, DSKCMD
DISKADER ALL=(OP) DSKCMD

User_Alias ADMINUSER = adminuser1, adminuser2
Cmnd_Alias ADMINCMD = /usr/sbin/useradd, /usr/sbin/usermod, /usr/bin/passwd [a-zA-Z]*, !/usr/bin/passwd root
ADMINUSER ALL=(root) NOPASSWD:ADMINCMD, PASSWD:/usr/sbin/userdel

Example 5:
Defaults:wang runas_default=tom
wang ALL=(tom,jerry) ALL

Example 6:
wang 192.168.1.6,192.168.1.8=(root) /usr/sbin/, !/usr/sbin/useradd

Example 7:
wang ALL=(ALL) /bin/cat /var/log/messages*
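The rules in Examples 2, 4, 6 and 7 use patterns worth a second look during review: NOPASSWD on ALL, wildcards in command arguments, `!` exclusions and whole-directory grants. The following is an added example, not part of the original post: a small Python linter that flags them in sudoers text. The names `check` and `lint_sudoers` are hypothetical and the parsing is deliberately simplified.

```python
import re

# Constructed sample built from the rules shown in Examples 2, 4, 6 and 7.
SAMPLE = """\
%wheel ALL=(ALL) NOPASSWD:ALL
Cmnd_Alias ADMINCMD = /usr/sbin/useradd, /usr/bin/passwd [a-zA-Z]*, !/usr/bin/passwd root
ADMINUSER ALL=(root) NOPASSWD:ADMINCMD, PASSWD:/usr/sbin/userdel
wang 192.168.1.6,192.168.1.8=(root) /usr/sbin/, !/usr/sbin/useradd
wang ALL=(ALL) /bin/cat /var/log/messages*
Student ALL=(root) /sbin/pidof, /sbin/ifconfig
"""
TAG = re.compile(r"(NOPASSWD|PASSWD|NOEXEC|EXEC|SETENV|NOSETENV):\s*")

def check(cmd, nopasswd):
    """Return the review labels that apply to one command entry."""
    if cmd.startswith("!"):
        return ["negation"]             # denylist entry inside a wider grant
    path, _, args = cmd.partition(" ")
    labels = []
    if cmd == "ALL" and nopasswd:
        labels.append("nopasswd-all")   # everything, without re-authentication
    if path.endswith("/"):
        labels.append("directory")      # grants every file in the directory
    if re.search(r"[*?\[]", args):
        labels.append("arg-wildcard")   # wildcard can span several arguments
    return labels

def lint_sudoers(text):
    """Sorted (who, label, command) findings; one rule per line, no escapes."""
    aliases, findings = {}, set()
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith(("#", "Defaults")):
            continue
        left, _, right = line.partition("=")
        alias = re.match(r"(\w+)_Alias\s+(\w+)\s*$", left)
        if alias:                       # remember Cmnd_Alias, skip the others
            if alias.group(1) == "Cmnd":
                aliases[alias.group(2)] = [c.strip() for c in right.split(",")]
            continue
        who = left.split()[0]
        right = re.sub(r"^\s*\([^)]*\)\s*", "", right)   # drop the (runas) list
        nopasswd = False
        for item in (c.strip() for c in right.split(",")):
            while (tag := TAG.match(item)):   # a tag stays in effect until reversed
                nopasswd = {"NOPASSWD": True, "PASSWD": False}.get(tag.group(1), nopasswd)
                item = item[tag.end():]
            for cmd in aliases.get(item, [item]):
                findings.update((who, lab, cmd.lstrip("! ")) for lab in check(cmd, nopasswd))
    return sorted(findings)
```

The sudoers manual notes that command-line arguments are matched as a single string, so a wildcard can match across word boundaries. When a rule is flagged, prefer explicit argument lists and allowlists of full command paths over wildcards and `!` exclusions.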

2.4.sudo command

      
      
sudo -i -u wang    # switch identity
sudo [-u user] COMMAND
-V         # display version and configuration information
-u user    # default is root
-l, -ll    # list the commands allowed and forbidden for the user on this host
-v         # extend the password validity by 5 minutes; updates the timestamp
-k         # reset the timestamp (1970-01-01); the password must be re-entered next time
-K         # like -k, but also deletes the timestamp file
-b         # run the command in the background
-p         # change the password prompt
Example: -p "password on %h for user %p:"

Copyright notice
This article was written by [Little monster 55]. Please include a link to the original when reposting. Thank you.
https://yzsam.com/2022/04/202204231859372099.html