Command - sudo
2022-04-23 19:26:00 【Little monster 55】
sudo is a privilege-management mechanism. It lets the system administrator delegate specific privileges to ordinary users so that they can perform tasks that otherwise only the superuser or another authorized user could complete, such as running commands like mount, halt and su, or editing system configuration files such as /etc/mtab and /etc/samba/smb.conf.
1.su
Switches to another user.
Format
# Format
1) su -[l]/--login username
2) su username
# If username is not specified, the default is root
# Difference between 1 and 2:
# 1: after switching users, also switches to the new user's working environment
# 2: after switching users, the original user's working directory and other environment variables are left unchanged

Example
[[email protected] ~]# su openstack
[[email protected] root]$ pwd
/root
[[email protected] root]$ exit
exit
[[email protected] ~]# su - openstack
Last login: Sat Apr 23 17:44:35 CST 2022 on pts/0
[[email protected] ~]$ pwd
/home/openstack
2.sudo
Package: sudo
Help: man 5 sudoers
Purpose: authorizes specified users to run certain commands on specified hosts; an unauthorized user who attempts to use sudo is prompted to contact the administrator
Provides logging that records each user's use of sudo
Provides configuration files through which the system administrator manages user permissions and hosts
Uses a timestamp file to implement a "ticket checking" system; the default validity period is 5 min
# Edit the configuration file with the visudo command, which performs syntax checking
Use the visudo command to edit /etc/sudoers
usage: visudo [-chqsV] [-f sudoers]
visudo -c    # Syntax check
visudo -f /etc/sudoers.d/test
2.1. Files
Configuration files: /etc/sudoers /etc/sudoers.d/*
Timestamp file: /var/db/sudo
Log file: /var/log/secure
The configuration file supports glob wildcards:
?            # Match any single character
*            # Match any sequence of characters
[wxc]        # Match one of the characters
[!wxc]       # Match any character other than these
\x           # Escape
[[:alpha:]]  # POSIX character class (letters)
# There are two types of rules in the configuration file:
1. Alias definitions: optional
2. Authorization rules: required
2.2. Authorization rules
user host=(runas) command
user login-host=(run-as user) command
root ALL=(ALL) ALL
user:     # The identity of the person running the command
host:     # On which hosts
(runas):  # As which user
command:  # Which commands to run
# Example:
wang 192.168.37.7=(root) /bin/mount /dev/sr0 /mnt
2.3. Alias
# user and runas:
username
#uid
%group_name
%#gid
user_alias|runas_alias
# host:
ip or hostname
network(/netmask)
host_alias
# command:
command name
directory
sudoedit
Cmnd_Alias

# There are four types of aliases
User_Alias
Runas_Alias
Host_Alias
Cmnd_Alias
# Alias format
[A-Z]([A-Z][0-9]_)*
# Alias definition:
Alias_Type NAME1 = item1,item2,item3 : NAME2 = item4,item5

Example 1:
Student ALL=(ALL) ALL
%wheel ALL=(ALL) ALL

Example 2:
Student ALL=(root) /sbin/pidof,/sbin/ifconfig
%wheel ALL=(ALL) NOPASSWD:ALL

Example 3:
User_Alias NETADMIN = netuser1,netuser2
Cmnd_Alias NETCMD = /usr/sbin/ip
NETADMIN ALL=(root) NETCMD

Example 4:
User_Alias SYSADER=wang,mage,%admins
User_Alias DISKADER=tom
Host_Alias SERS=www.magedu.com,172.16.0.0/24
Runas_Alias OP=root
Cmnd_Alias SYDCMD=/bin/chown,/bin/chmod
Cmnd_Alias DSKCMD=/sbin/parted,/sbin/fdisk
SYSADER SERS= SYDCMD,DSKCMD
DISKADER ALL=(OP) DSKCMD

User_Alias ADMINUSER = adminuser1,adminuser2
Cmnd_Alias ADMINCMD = /usr/sbin/useradd,/usr/sbin/usermod, /usr/bin/passwd [a-zA-Z]*, !/usr/bin/passwd root
ADMINUSER ALL=(root) NOPASSWD:ADMINCMD,PASSWD:/usr/sbin/userdel

Example 5:
Defaults:wang runas_default=tom
wang ALL=(tom,jerry) ALL

Example 6:
wang 192.168.1.6,192.168.1.8=(root) /usr/sbin/,!/usr/sbin/useradd

Example 7:
wang ALL=(ALL) /bin/cat /var/log/messages*
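
An added example (not part of the original article): a small Python lint that reads sudoers-style rules and flags the patterns from the examples above that deserve review before deployment: NOPASSWD on ALL (Example 2), a directory grant with a `!` exclusion (Example 6), and wildcards in command arguments (Example 7 and ADMINCMD), which sudoers(5) notes are matched across word boundaries. The function names and finding codes are made up for this illustration, and the parser assumes one rule per line with no escaped commas.

```python
import re

# Constructed sample input: rules copied from the examples on this page.
SAMPLE = """\
Student ALL=(root) /sbin/pidof,/sbin/ifconfig
%wheel ALL=(ALL) NOPASSWD:ALL
Cmnd_Alias ADMINCMD = /usr/sbin/useradd, /usr/bin/passwd [a-zA-Z]*, !/usr/bin/passwd root
wang 192.168.1.6,192.168.1.8=(root) /usr/sbin/,!/usr/sbin/useradd
wang ALL=(ALL) /bin/cat /var/log/messages*
"""

# Comments, blank lines, Defaults and non-command aliases carry no command list.
SKIP = re.compile(r"^\s*(#|$|Defaults|(User|Runas|Host)_Alias)")
RULE = re.compile(r"^\S+\s+[^=]+=\s*(?:\([^)]*\)\s*)?(?P<cmds>.+)$")
TAGS = re.compile(r"^((?:[A-Z_]+:\s*)+)")  # e.g. NOPASSWD:, PASSWD:

def check_command(cmd, nopasswd):
    """Return the finding codes for one entry of a command list."""
    if cmd.startswith("!"):
        return ["NEGATION"]                 # deny-list entry: review what stays allowed
    found = []
    path, _, args = cmd.partition(" ")
    if path == "ALL" and nopasswd:
        found.append("NOPASSWD_ALL")        # any command, no authentication
    if path.endswith("/"):
        found.append("DIRECTORY_GRANT")     # every executable in that directory
    if re.search(r"[*?\[]", args):
        found.append("ARG_WILDCARD")        # pattern can span several arguments
    return found

def lint(text):
    """Return (line number, finding code) pairs for sudoers-style text."""
    findings = []
    for num, line in enumerate(text.splitlines(), 1):
        m = None if SKIP.match(line) else RULE.match(line)
        if not m:
            continue
        nopasswd = False
        # Assumption: no escaped commas inside command arguments.
        for entry in m.group("cmds").split(","):
            entry = entry.strip()
            tag = TAGS.match(entry)
            if tag:                         # a tag stays in force for later entries
                t = tag.group(1)
                nopasswd = "NOPASSWD:" in t or (nopasswd and "PASSWD:" not in t)
                entry = entry[tag.end():]
            findings += [(num, code) for code in check_command(entry, nopasswd)]
    return findings

if __name__ == "__main__":
    for num, code in lint(SAMPLE):
        print(f"line {num}: {code}")
```

Each finding is a prompt for review, not a verdict; `visudo -c` remains the tool for syntax checking.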
2.4.sudo command
sudo -i -u wang    # Switch identity
sudo [-u user] COMMAND
-V        # Display version and configuration information
-u user   # The default is root
-l, -ll   # List the commands the user is allowed and forbidden to run on this host
-v        # Extend the validity of the password by 5 minutes and update the timestamp
-k        # Clear the timestamp (1970-01-01); the password must be typed again next time
-K        # Similar to -k, and also deletes the timestamp file
-b        # Execute the command in the background
-p        # Change the prompt used when asking for the password
Example: -p "password on %h for user %p:"

Copyright notice
This article was created by [Little monster 55]. Please include the original link when reposting, thank you.
https://yzsam.com/2022/04/202204231859372099.html