sudo 条目用来定义:某个用户可以在某台主机上,以另一个用户的身份执行哪些命令;最常见的用法是授权一个用户以管理员的权限执行某些命令。用“visudo”编辑的每一个定义行表示一个 sudo 条目(用户定义);visudo 在保存前会检查语法,因此不要用普通编辑器直接修改该文件。还可以通过别名为一组用户统一规定其行为。条目的定义格式如下:
user/alias host=(as a user) any-command
别名名称必须以英文大写字母开头,且只能由大写字母、数字和下划线组成。别名有四类:User_Alias、Host_Alias、Runas_Alias、Cmnd_Alias。定义格式如下:
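# Alias definitions only name a set of users, hosts or commands. They grant
# nothing until a user specification references them.

# User alias specification
User_Alias  WEBMASTERS = will, wendy, wim

# Runas alias specification
Runas_Alias DB = oracle, sybase

# Host alias specification
# ':' separates several aliases of the same type in one definition;
# a trailing '\' continues the definition on the next line.
Host_Alias  SPARC = bigtime, eclipse, moet, anchor :\
            SGI = grolsch, dandelion, black :\
            ALPHA = widget, thalamus, foobar :\
            HPPA = boa, nag, python
# Networks may carry a netmask in dotted-quad or CIDR form.
Host_Alias  CUNETS = 128.138.0.0/255.255.0.0
Host_Alias  CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
Host_Alias  SERVERS = master, mail, www, ns

# Cmnd alias specification
# Commands are listed by absolute path.
Cmnd_Alias  PRINTING = /usr/sbin/lpc, /usr/bin/lprm
# NOTE(review): if SHELLS is meant for a negated rule such as "ALL, !SHELLS",
# that match is by path only and is not a reliable restriction; prefer
# allow-listing the specific commands a user needs.
Cmnd_Alias  SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh,\
                     /usr/local/bin/zsh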
命令选项
-l 列出当前用户在当前主机上的 sudo 条目定义,即允许(和禁止)执行的命令。输出先列出对该用户生效的 Defaults 选项,再列出可执行的命令:
[root@right ~]# sudo -l
Matching Defaults entries for root on this host:
    requiretty, !visiblepw, always_set_home, env_reset,
    env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS",
    env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE",
    env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES",
    env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE",
    env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY",
    secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User root may run the following commands on this host:
    (ALL) ALL
追踪用户操作
通过查看日志,可以审计各个用户通过 sudo 执行的操作。sudo 默认通过 syslog 记录每次调用,包括调用者、终端、工作目录、目标用户和所执行的命令。
# cat /var/log/secure
# cat /var/log/messages