sudo:能夠讓獲得授權的用戶使用者透過安全的方式使用特殊的權限執行程式
命令參數
-V 顯示版本編號
-h 幫助
-l 顯示出自己(執行 sudo 的使用者)的權限
-k 將會強迫使用者在下一次執行 sudo 時問密碼
-b 將要執行的指令放在背景執行
-u username 不加此參數,代表要以 root 的身份執行指令,加了此參數以 username 的身份執行指令配置文件:
/etc/sudoers (權限爲400)語法
who which_host=(whom) command編輯命令
visudo
sudo授權格式:授權某用戶在某主機上以某用戶的身份運行指定的管理命令
WHO HOST=(WHOM) COMMAND別名
定義:別名必須使用全大寫字符
Alias(別名)四種別名:
User_Alias(主機別名)
Runas_Alias(Runas別名)
Host_Alias(主機別名)
Cmnd_Alias(命令別名)
User_Alias ::= NAME '=' User_List
Runas_Alias ::= NAME '=' Runas_List
Host_Alias ::= NAME '=' Host_List
Cmnd_Alias ::= NAME '=' Cmnd_List
NAME ::= [A-Z]([A-Z][0-9]_)*
Runas_Alias OP = root, operator
Runas_Alias OP = root, operator
Runas_Alias DB = oracle, sybase
Runas_Alias ADMINGRP = adm, oper
# Host alias specification
Host_Alias SPARC = bigtime, eclipse, moet, anchor :\
SGI = grolsch, dandelion, black :\
ALPHA = widget, thalamus, foobar :\
HPPA = boa, nag, python
Host_Alias CUNETS = 128.138.0.0/255.255.0.0
Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
Host_Alias SERVERS = master, mail, www, ns
Host_Alias CDROM = orion, perseus, hercules
# Cmnd alias specification
Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\
/usr/sbin/restore, /usr/sbin/rrestore,\
sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== \
/home/operator/bin/start_backups
Cmnd_Alias KILL = /usr/bin/kill
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
Cmnd_Alias HALT = /usr/sbin/halt
Cmnd_Alias REBOOT = /usr/sbin/reboot
Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh,\
/usr/local/bin/tcsh, /usr/bin/rsh,\
/usr/local/bin/zsh
Cmnd_Alias SU = /usr/bin/su
Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less實例
用戶別名(組名前面加“%”號)
User_Alias NAME = user1,%useradmin...主機別名
Host_Alias NAME = hostname,ip,networkRunas別名
Runas_Alias NAME = ADMINGRP = adm, oper關閉密碼驗
user1 ALL=(root) NOPASSWD: /usr/sbin/useradd, PASSWD: /usr/sbin/usermodPASSWD: 執行操作時,需要輸入密碼,來驗證用戶身份
NOPASSWD: 執行操作時,無需輸入密碼,不能確定用戶身份