Command - sudo
2022-04-23 19:26:00 【Little monster 55】
sudo is a privilege management mechanism. It lets the system administrator delegate specific privileges to ordinary users so that they can perform tasks that otherwise only the superuser or other authorized users can complete, for example running commands such as mount, halt and su, or editing system configuration files such as /etc/mtab and /etc/samba/smb.conf.
1. su
Switches users.
Format
# Format
1) su -[l]/--login username
2) su username # If username is not specified, the default is root
Difference between 1 and 2:
1: after switching users, the new user's working environment is loaded as well
2: after switching users, the original user's working directory and other environment variables are left unchanged
Example
[[email protected] ~] # su openstack
[[email protected] root] $ pwd
/root
[[email protected] root] $ exit
exit
[[email protected] ~] # su - openstack
Last login: Sat Apr 23 17:44:35 CST 2022 on pts/0
[[email protected] ~] $ pwd
/home/openstack
2. sudo
Package: sudo
Help: man 5 sudoers
Purpose: authorizes specified users to run certain commands on specified hosts; if an unauthorized user attempts to use sudo, they are told to contact the administrator
Provides logging that records each user's sudo operations
Provides configuration files through which the system administrator manages user permissions and hosts
Uses a timestamp file to implement a ticket-like mechanism; the default validity period is 5 min
# Edit the configuration file with the visudo command, which performs syntax checking
Use the visudo command to edit /etc/sudoers
usage: visudo [-chqsV] [-f sudoers]
visudo -c # Syntax check
visudo -f /etc/sudoers.d/test
2.1. Files
Configuration files: /etc/sudoers /etc/sudoers.d/*
Timestamp file: /var/db/sudo
Log file: /var/log/secure
The configuration file supports glob wildcards:
? # Match any single character
* # Match any sequence of characters
[wxc] # Match one of the listed characters
[!wxc] # Match any character not listed
\x # Escape
[[:alpha:]] # POSIX character class
# There are two types of rules in the configuration file:
1. Alias definitions: optional
2. Authorization rules: required
2.2. Authorization rules
user host = (runas) command
user login-host = (run-as user) command
----------------------------------------
root ALL = (ALL) ALL
user: # The identity of whoever runs the command
host: # On which hosts
(runas): # As which user
command: # Which commands may be run
# Example:
wang 192.168.37.7 =(root) /bin/mount /dev/sr0 /mnt
2.3. Aliases
# user and runas:
username
#uid
%group_name
%#gid
user_alias|runas_alias
# host:
ip or hostname
network(/netmask)
host_alias
# command:
command name
directory
sudoedit
Cmnd_Alias
----------------------------------------
# There are four types of aliases
User_Alias
Runas_Alias
Host_Alias
Cmnd_Alias
# Alias name format
[A-Z]([A-Z][0-9]_)*
# Alias definition:
Alias_Type NAME1 = item1, item2, item3 : NAME2 = item4, item5
Example 1:
Student ALL =(ALL) ALL
%wheel ALL =(ALL) ALL
Example 2:
Student ALL =(root) /sbin/pidof,/sbin/ifconfig
%wheel ALL =(ALL) NOPASSWD:ALL
Example 3:
User_Alias NETADMIN = netuser1,netuser2
Cmnd_Alias NETCMD = /usr/sbin/ip
NETADMIN ALL =(root) NETCMD
Example 4:
User_Alias SYSADER =wang,mage,%admins
User_Alias DISKADER =tom
Host_Alias SERS =www.magedu.com,172.16.0.0/24
Runas_Alias OP =root
Cmnd_Alias SYDCMD =/bin/chown,/bin/chmod
Cmnd_Alias DSKCMD =/sbin/parted,/sbin/fdisk
SYSADER SERS = SYDCMD,DSKCMD
DISKADER ALL =(OP) DSKCMD
User_Alias ADMINUSER = adminuser1,adminuser2
Cmnd_Alias ADMINCMD = /usr/sbin/useradd,/usr/sbin/usermod, /usr/bin/passwd [a-zA-Z]*, !/usr/bin/passwd root
ADMINUSER ALL =(root) NOPASSWD:ADMINCMD,PASSWD:/usr/sbin/userdel
Example 5:
Defaults:wang runas_default =tom
wang ALL =(tom,jerry) ALL
Example 6:
wang 192.168.1.6,192.168.1.8 =(root) /usr/sbin/,!/usr/sbin/useradd
Example 7:
wang ALL =(ALL) /bin/cat /var/log/messages*
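An added example, not from the original article: a small Python lint that flags the rule shapes in Examples 2, 6 and 7 above that deserve a second look in review (passwordless ALL, a whole-directory grant, a '!' exclusion layered on a broad grant, and wildcards in command arguments, which sudoers matches across spaces). The finding names and the lint/lint_rule helpers are assumptions made for this example, and only the PASSWD/NOPASSWD tags used on this page are parsed.

```python
import re

# Constructed input: rules taken from this page's Examples 2, 6 and 7.
SAMPLE = """\
Student ALL=(root) /sbin/pidof,/sbin/ifconfig
%wheel ALL=(ALL) NOPASSWD:ALL
wang 192.168.1.6,192.168.1.8=(root) /usr/sbin/,!/usr/sbin/useradd
wang ALL=(ALL) /bin/cat /var/log/messages*
"""

# Assumption: only PASSWD/NOPASSWD tags are recognised; aliases are not expanded.
TAGS = re.compile(r"^(?:(NOPASSWD|PASSWD)\s*:\s*)+")
SKIP = re.compile(r"^(#|Defaults|(User|Runas|Host|Cmnd)_Alias\b)")

def lint_rule(rule):
    """Return sorted finding codes for one 'user host = (runas) command' rule."""
    spec = rule.partition("=")[2].strip()
    spec = re.sub(r"^\([^)]*\)\s*", "", spec)  # drop the (runas) list
    findings, nopasswd, broad, negated = set(), False, False, False
    for cmd in (c.strip() for c in re.split(r"(?<!\\),", spec)):
        tag = TAGS.match(cmd)
        if tag:  # a tag stays in effect for the commands after it
            nopasswd = tag.group(1) == "NOPASSWD"
            cmd = cmd[tag.end():].strip()
        if cmd.startswith("!"):
            negated = True
            continue
        path, _, args = cmd.partition(" ")
        if cmd == "ALL":
            broad = True
            if nopasswd:
                findings.add("nopasswd-all")  # any command, no password prompt
        elif path.endswith("/"):
            broad = True
            findings.add("directory-grant")  # every command in the directory
        if re.search(r"[*?\[]", args):
            findings.add("arg-wildcard")  # wildcards also match across spaces
    if broad and negated:
        # a '!' exclusion is not a dependable limit on a broad grant
        findings.add("negation-on-broad-grant")
    return sorted(findings)

def lint(text):
    """Map each flagged rule line to its finding codes."""
    rules = (line.strip() for line in text.splitlines())
    checked = {r: lint_rule(r) for r in rules if r and not SKIP.match(r)}
    return {r: f for r, f in checked.items() if f}

if __name__ == "__main__":
    for rule, found in lint(SAMPLE).items():
        print(f"{', '.join(found):42} {rule}")
```

Run it against a copy of a drop-in file before installing it; visudo -c checks syntax only and does not report any of these findings.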
2.4. sudo command
sudo -i -u wang # Switch identity
sudo [-u user] COMMAND
-V # Display the version and other configuration information
-u user # Defaults to root
-l, -ll # List the commands the user is allowed and forbidden to run on this host
-v # Extend the password validity by another 5 minutes (updates the timestamp)
-k # Reset the timestamp (to 1970-01-01); the password must be entered again next time
-K # Like -k, but also deletes the timestamp file
-b # Run the command in the background
-p # Change the password prompt
Example: -p "password on %h for user %p:"
Copyright notice
This article was written by [Little monster 55]. Please include a link to the original when reposting. Thank you.
https://yzsam.com/2022/04/202204231859372099.html