本文为转帖,是在学习的时候搜索到的,现在收藏下,但是来源必须得标示出来:
http://www.garron.me/en/linux/visudo-command-sudoers-file-sudo-default-editor.html
The sudoers
file located at: /etc/sudoers
, contains the rules that users must follow when using the sudo command.
If you have ever used used Ubuntu, you know that the root account is disabled. This is because the root password is not set in Ubuntu, you can assign one and use it as with every other Linux distribution. That anyway is another story. On normal Ubuntu Linux computers you need to use sudo
to act as root.
I like using sudo
, I’m not using Ubuntu anymore. The first thing I do when I install a new Linux is to use visudo
to edit the sudoers file. And I always give my account root rights, then I can run commands as root without switching users.
The best way to understand the sudo
command, and the rules in sudoers file, the funny way is by this comics.
credit to: XKCD
As you can see from this funny picture, using sudo
command, makes the system obey any given order.
The two best advantages about using sudo
command are:
- Restricted privileges
- Logs of the actions taken by users
I’m sure you are now fully aware of the advantages of using sudo
command in a daily basis, how to use it?
In order to use sudo
you first need to configure the sudoers file. The sudoers file is located at /etc/sudoers
. And you should not edit it directly, you need to use the visudo
command.
Once you enter visudo
command, you will see something like this:
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL) ALL
Almost all lines are commented out, the one that matters in this sudoers file example is:
root ALL=(ALL) ALL
This line means: The root user can execute from ALL terminals, acting as ALL (any) users, and run ALL (any) command.
The first part is the user, the second is the terminal from where the user can use sudo
command, the third part is which users he may act as, and the last one, is which commands he may run when using sudo
.
sudoers examples
operator ALL= /sbin/poweroff
The above command, makes the user operator can from any terminal, run the command power off.
You can also create aliases for: users -> User_Alias, run commands as other users -> Runas_Alias, host -> Host_Alias and command -> Cmnd_Alias
User_Alias OPERATORS = joe, mike, jude Runas_Alias OP = root, operator Host_Alias OFNET = 10.1.2.0/255.255.255.0 Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
As you can see the alias OPERATORS includes the users joe, mike and jude, the alias OP includes the users root and operator, alias OFNET includes the network 10.1.2.0 (all the C class), and the command alias PRINTING includes the commands lpc and lprm.
So, a typical sudoers file may look like this:
User_Alias OPERATORS = joe, mike, jude
Runas_Alias OP = root, operator
Host_Alias OFNET = 10.1.2.0/255.255.255.0
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
OPERATORS ALL=ALL
#The users in the OPERATORS group can run any command from
any terminal.
linus ALL=(OP) ALL
# The user linus can run any command from any terminal as any
user in the OP group (root or operator).
user2 OFNET=(ALL) ALL
# user user2 may run any command from any machine in the
OFNET network, as any user.
user3 ALL= PRINTING
# user user3 may run lpc and lprm from any machine.
go2linux ALL=(ALL) ALL
# user go2linux may run any command from any machine acting
as any user. (like Ubuntu)
If you want not to be asked for a password use this form:
go2linux ALL=(ALL) NOPASSWD: ALL
You may want to read sudoers man page
Considering that you are still reading here a bonus:
visudo
command uses vi
as the editor here some tips to use it:
- Switch to root, (su root), then run visudo, (as above).
- Find where it says “root ALL=(ALL) ALL”.
- Type “o” to insert a new line below it.
- Now type what you want to insert, eg “username ALL=(ALL) ALL”.
- Hit esc to exit insert-mode.
- Type “:x” to save and exit.
Can I change the default visudo
editor?
Yes, changing the default visudo
editor is easy.
And just because of your dedication, and still reading until here, I’ll show you how to set nano
or vim
to use with visudo
command as default editor.
Using vim with visudo
export VISUAL=vim; visudo
Using nano with visudo
export VISUAL=nano; visudo
相关推荐
sudoers_sudoers.defaults :[默认:请参见defaults/main.yml ]:默认配置选项 sudoers_sudoers.host_aliases :[默认值: [] ]: Host_Alias类型的别名列表 sudoers_sudoers.host_aliases.name :别名的名称 ...
用sudo时提示"xxx is not in the sudoers file. This incident will be reported.其中XXX是你的用户名,也就是你的用户名没有权限使用sudo,我们只要修改一下/etc/sudoers文件就行了。
Ansible-ansible-sudoers.zip,控制默认/etc/sudoers文件和包含的文件/目录的配置。,ansible是一个简单而强大的自动化引擎。它用于帮助配置管理、应用程序部署和任务自动化。
主要介绍了详解Linux下的sudo及其配置文件/etc/sudoers的详细配置的相关资料,需要的朋友可以参考下
最新Mac OS --sudo 工具,安装以后,Mac 可以执行sudo命令
ansible-sudoers:控制默认etcsudoers文件和包含的文件目录的配置
此文档详细介绍在ubuntu系统下由于某种操作(修改了/usr/目录下某些文件的权限,修改了用户的名字等)导致sudoers文件不可用时的解决方法。非常有用。
#1.root执行sudo时不需要输入密码(eudoers文件中有配置root ALL=(ALL) ALL这样一条规则) #2.欲切换的身份与执行者的身份相同,不需要输入密码 3./etc/sudoers文件设置为允许用户在不输入该用户的密码的情况下使用...
sudoers文件编辑和使用
树莓派使用的sudoers文件,当调用管理员权限出问题时,很有可能是该文件出现了问题,一个可行的方法就是使用另一个Linux系统替换该文件。
使用sudo提权时出现:xx用户不在 sudoers 文件中。
主要介绍了Linux系统添加普通用户到 sudoers 文件的方法,在文章给大家补充Debian将普通用户添加到sudoer文件的方法,感兴趣的朋友一起看看吧
sudo修复
该项目旨在简化安全sudoers文件的创建,主要目标是: 通过与现有最佳实践保持一致,减少歧义和错误配置。 自动创建校验和,二进制选项等。 设置安全默认值。 发现非安全设置时发出警告 用法 建造 确保拥有最新的...
在CentOS 7系统中,可以通过配置sudoers文件来允许普通用户向root用户借权。这个设置可以让普通用户在一定范围内执行特权操作,提高系统的安全性和管理灵活性。
linux不能使用sudo命令解决方案,username is not in the sudoers file
这是本人在Linux 服务器学习中 总结出来的linux版的javajdk tomcat安装包,有了这些你就可以通过虚拟机跑你的静态页面了。这个集合中还包含安装的教程,也是本人收集的,里面都不是废话,都是一条条博主亲手实验过的...
配置hosts 安装SSH 关闭防火墙 修改时区 ZK(安装,启动,验证) HDFS+HA的结构图 角色分配 环境变量配置 核心文件配置 slave 启动命令(hdfs和yarn的相关命令) HA的切换 效果截图 下面我们给出下载包的链接地址...
...
培训学校入股合同.pdf