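sudo: lets authorized users run programs with special privileges in a secure way
Command options
-V Show the version number
-h Help
-l Show the privileges of the current user (the user running sudo)
-k Force the user to be asked for a password the next time sudo is run
-b Run the given command in the background
-u username If this option is omitted, the command is run as root; if it is given, the command is run as username
Configuration file:
/etc/sudoers (permissions 400)
Syntax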
who which_host=(whom) command
Editing command
visudo
sudo authorization format: authorize a user, on a given host, to run the specified administrative commands as a given user
WHO HOST=(WHOM) COMMAND
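Alias definitions: alias names must be written entirely in uppercase characters
There are four kinds of alias: User_Alias (user alias), Runas_Alias (Runas alias), Host_Alias (host alias), Cmnd_Alias (command alias)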
User_Alias ::= NAME '=' User_List
Runas_Alias ::= NAME '=' Runas_List
Host_Alias ::= NAME '=' Host_List
Cmnd_Alias ::= NAME '=' Cmnd_List
NAME ::= [A-Z]([A-Z][0-9]_)*
Runas_Alias OP = root, operator
Runas_Alias DB = oracle, sybase
Runas_Alias ADMINGRP = adm, oper
# Host alias specification
Host_Alias SPARC = bigtime, eclipse, moet, anchor :\
SGI = grolsch, dandelion, black :\
ALPHA = widget, thalamus, foobar :\
HPPA = boa, nag, python
Host_Alias CUNETS = 128.138.0.0/255.255.0.0
Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
Host_Alias SERVERS = master, mail, www, ns
Host_Alias CDROM = orion, perseus, hercules
# Cmnd alias specification
Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\
/usr/sbin/restore, /usr/sbin/rrestore,\
sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== \
/home/operator/bin/start_backups
Cmnd_Alias KILL = /usr/bin/kill
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
Cmnd_Alias HALT = /usr/sbin/halt
Cmnd_Alias REBOOT = /usr/sbin/reboot
Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh,\
/usr/local/bin/tcsh, /usr/bin/rsh,\
/usr/local/bin/zsh
Cmnd_Alias SU = /usr/bin/su
Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less
Examples
User alias (prefix a group name with "%")
User_Alias NAME = user1,%useradmin...
Host alias
Host_Alias NAME = hostname,ip,network
Runas alias
Runas_Alias NAME = adm, oper
Disabling password verification
user1 ALL=(root) NOPASSWD: /usr/sbin/useradd, PASSWD: /usr/sbin/usermod
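PASSWD: a password must be entered when running the command, to verify the user's identity
NOPASSWD: no password is needed when running the command, so the user's identity cannot be confirmed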