Command - sudo
2022-04-23 19:26:00 【Little monster 55】
sudo is a privilege-management mechanism. It lets the system administrator delegate selected privileges to ordinary users so that they can perform tasks that otherwise only the superuser or another authorized user could complete, such as running commands like mount, halt and su, or editing system configuration files such as /etc/mtab and /etc/samba/smb.conf.
1.su
Switch users
Format
# Format
1) su -[l] username    (long form: su --login username)
2) su username
# If username is not specified, the default is root
Difference between 1 and 2:
1: after switching users, the shell also switches to the new user's working environment
2: after switching users, the original user's working directory and other environment variables are kept

Example
[[email protected] ~]# su openstack
[[email protected] root]$ pwd
/root
[[email protected] root]$ exit
exit
[[email protected] ~]# su - openstack
Last login: Sat Apr 23 17:44:35 CST 2022 on pts/0
[[email protected] ~]$ pwd
/home/openstack
2.sudo
Package: sudo
Help: man 5 sudoers
Purpose: authorize specified users to run certain commands on specified hosts; if an unauthorized user attempts to use sudo, they are prompted to contact the administrator
Provides logs that record what users do through sudo
Provides configuration files through which system administrators manage user permissions and hosts
Uses a timestamp file to implement a "ticket" mechanism; by default a ticket is valid for 5 minutes
# Edit the configuration file with the visudo command, which checks the syntax
Use the visudo command to edit /etc/sudoers
usage: visudo [-chqsV] [-f sudoers]
visudo -c    # syntax check
visudo -f /etc/sudoers.d/test
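2.1. Files
Configuration files: /etc/sudoers, /etc/sudoers.d/*
Timestamp file: /var/db/sudo
Log file: /var/log/secure
The configuration file supports glob wildcards:
?            # matches any single character
*            # matches any string of characters
[wxc]        # matches one of the listed characters
[!wxc]       # matches one character that is not listed
\x           # escape
[[:alpha:]]  # matches an alphabetic character
# There are two types of rules in the configuration file:
1. Alias definitions: optional
2. Authorization rules: required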
2.2. Authorization rules
user host=(runas) command
user  login host=(run-as user) command
root ALL=(ALL) ALL
user:      # the identity of the person running the command
host:      # on which hosts
(runas):   # as which user
command:   # which commands to run
# Example:
wang 192.168.37.7=(root) /bin/mount /dev/sr0 /mnt
2.3. Alias
# user and runas:
username
#uid
%group_name
%#gid
user_alias|runas_alias
# host:
ip or hostname
network(/netmask)
host_alias
# command:
command name
directory
sudoedit
Cmnd_Alias
# There are four types of aliases
User_Alias
Runas_Alias
Host_Alias
Cmnd_Alias
# Alias name format
[A-Z]([A-Z][0-9]_)*
# Alias definition:
Alias_Type NAME1 = item1,item2,item3 : NAME2 = item4,item5
Example 1:
Student ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
Example 2:
Student ALL=(root) /sbin/pidof,/sbin/ifconfig
%wheel ALL=(ALL) NOPASSWD:ALL
Example 3:
User_Alias NETADMIN = netuser1,netuser2
Cmnd_Alias NETCMD = /usr/sbin/ip
NETADMIN ALL=(root) NETCMD
Example 4:
User_Alias SYSADER=wang,mage,%admins
User_Alias DISKADER=tom
Host_Alias SERS=www.magedu.com,172.16.0.0/24
Runas_Alias OP=root
Cmnd_Alias SYDCMD=/bin/chown,/bin/chmod
Cmnd_Alias DSKCMD=/sbin/parted,/sbin/fdisk
SYSADER SERS= SYDCMD,DSKCMD
DISKADER ALL=(OP) DSKCMD
User_Alias ADMINUSER = adminuser1,adminuser2
Cmnd_Alias ADMINCMD = /usr/sbin/useradd,/usr/sbin/usermod, /usr/bin/passwd [a-zA-Z]*, !/usr/bin/passwd root
ADMINUSER ALL=(root) NOPASSWD:ADMINCMD,PASSWD:/usr/sbin/userdel
Example 5:
Defaults:wang runas_default=tom
wang ALL=(tom,jerry) ALL
Example 6:
wang 192.168.1.6,192.168.1.8=(root) /usr/sbin/,!/usr/sbin/useradd
Example 7:
wang ALL=(ALL) /bin/cat /var/log/messages*
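An audit sketch for the rule styles used in the examples above, added here and not part of the original article: it flags the grants a reviewer would look at first (NOPASSWD on ALL, deny-list entries, whole-directory grants, wildcards in arguments). The rule text is constructed from this page's examples, `audit` and `args_match` are hypothetical helper names, and Python's `fnmatch` stands in for the glob matching sudoers applies to arguments.

```python
import fnmatch
import re

# Constructed input: rules adapted from this page's examples (command aliases expanded by hand).
RULES = """\
%wheel ALL=(ALL) NOPASSWD:ALL
ADMINUSER ALL=(root) NOPASSWD:/usr/sbin/useradd,/usr/bin/passwd [a-zA-Z]*,!/usr/bin/passwd root
wang 192.168.1.6,192.168.1.8=(root) /usr/sbin/,!/usr/sbin/useradd
wang ALL=(ALL) /bin/cat /var/log/messages*
wang 192.168.37.7=(root) /bin/mount /dev/sr0 /mnt
"""

SKIP = ("User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias", "Defaults")
SPEC = re.compile(r"^(\S+)\s+([^=]+?)\s*=\s*(?:\([^)]*\)\s*)?(.+)$")
TAG = re.compile(r"^(NOPASSWD|PASSWD)\s*:\s*")

def audit(text):
    """Return (user, command, finding) tuples for the user specifications in text."""
    findings = []
    for line in (l.strip() for l in text.splitlines()):
        m = SPEC.match(line)
        if not m or line.startswith(SKIP):
            continue  # alias definitions, Defaults and blank lines are not rules
        user, _host, cmds = m.groups()
        nopasswd = False
        for cmd in (c.strip() for c in cmds.split(",")):
            tag = TAG.match(cmd)
            if tag:  # a tag stays in force for the commands that follow it
                nopasswd = tag.group(1) == "NOPASSWD"
                cmd = cmd[tag.end():]
            path, _, args = cmd.partition(" ")
            if cmd == "ALL" and nopasswd:
                findings.append((user, cmd, "NOPASSWD on ALL"))
            if path.startswith("!"):
                findings.append((user, cmd, "deny-list entry"))
            elif path.endswith("/"):
                findings.append((user, cmd, "whole directory granted"))
            if re.search(r"[*?\[]", args):
                findings.append((user, cmd, "wildcard in arguments"))
    return findings

def args_match(pattern, argument_string):
    """Glob-match the space-joined argument string, as sudoers does for arguments."""
    return fnmatch.fnmatchcase(argument_string, pattern)

if __name__ == "__main__":
    for user, cmd, finding in audit(RULES):
        print(f"{user:10} {finding:24} {cmd}")
    # '*' is not limited to one word: a second (constructed) file name still matches.
    print(args_match("/var/log/messages*", "/var/log/messages /tmp/constructed-other-file"))
```

sudoers matches command-line arguments as one concatenated string, so a wildcard in a rule like Example 7 also matches extra arguments. Rules flagged for wildcards are safer when rewritten with the exact file names or argument lists the user needs.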
2.4.sudo command
sudo -i -u wang    # switch identity
sudo [-u user] COMMAND
-V         # display version information and other configuration information
-u user    # the default is root
-l, -ll    # list the commands allowed and forbidden for the user on this host
-v         # extend the password validity by another 5 minutes by updating the timestamp
-k         # reset the timestamp (1970-01-01); the password must be typed again next time
-K         # similar to -k, but also deletes the timestamp file
-b         # run the command in the background
-p         # change the prompt used when asking for the password
Example: -p "password on %h for user %p:"

Copyright notice
This article was written by [Little monster 55]; please include a link to the original when reposting. Thank you.
https://yzsam.com/2022/04/202204231859372099.html