Sudo Tools (Command)

SUDO Introduction:

Sudo is a tool that is usually used by Linux to use superuser privileges, allowing system administrators to make ordinary users to perform some or all of the root commands. This not only reduces the number of root users’ logins and management time, but also improves security. Because if the ordinary user wants to execute the command to execute, it must be switched to the root user so that he must know the root user’s password, which means that it is necessary to drop the root of each such user, so Unsafe.

SUDO designer’s purpose:

Allow their users to complete their work as little permissions.

SUDO features:

# 1. SUDO can limit the specified user runs some commands on the specified host.

# 2. sudo can provide logs, faithfully record what each user has done using sudo and can pass the log to the central host or log server.

# 3. SUDO provides a profile for system administrators, allowing system administrators to centrally manage users’ use weights and hosts used. It default storage location is / etc / sudoers.

# 4.sudo Using the timestamp file to complete a system similar to the “check”. When the user performs SUDO and entering the password, the user obtains a “admission ticket” with a default survival period of 5 minutes (the default value can be changed when compiling). After the timeout, the user must re-enter the password.

SUDO user rights configuration:

a) / etc / sudoers file:

The default configuration user operates the file file file, that is, can be used to make SUDO permissions in this file, and which commands can use sudo permissions. If you want to implement the user’s SUDO empowerment, you must use the command: Visudo to modify the sudoers file.

b) /etc/sudoers.d folder:

View the contents of the sudoers file via CAT / etc / sudoers, you will find a line of instructions: It is best not to modify this file, and implement the Sudo command empowerment process of ordinary users by operating the sudoers.d folder.

Proceed as follows:

1) Creating a new file under the /etc/sudoers.d folder, such as: Lyjsudo

Vim /etc/sudoers.d/lyjsudo

2) Edit Lyjsudo file: Add Lyjsudo all = (all) all

i

Lyjsudo all = (all) all

3) Save and exit

ESC: WQ

4) Modify the file Lyjsudo permissions to 400

CHMOD 400 / etc / sudoers.d / lyjsudo

5) Log in again with the Lyjsudo account, execute the sudo command to verify that it is effective

Su Lyjsudo

Sudo ls -al

If you can use it normally, the modification is successful.

Original permanent address: http://jsonliangyoujun.iteye.com/blog/2355226

Related Posts