Windows system >> Linux system Tutorial >> Linux Tutorial

Visudo precise user empowerment (sudo)

sudo authorization, and later blog friends reminded me, directly editing the sudoers file is still risky for new contacts with linux, more directly using vi to edit the file can not be achieved Grammar check, but also need to modify the permissions of the default file, very troublesome, then reprint a 51CTO blogger's article, tells the use of visudo accessories sudo permissions, the advantage of this command is that you can achieve language check, but the ultimate goal is still The same is true for modifying the sudoers file.

sudo is a very useful tool on the Unix/Linux platform that allows non-root users to give some reasonable rights to perform only some root or privileged users. Tasks, which reduce the number of logins and management time for root users, also increase system security.

The purpose of sudo: grant root user permissions for non-root users;

Configuration file: /etc/sudoers

visudo command to edit /etc/sudoers Configuration File

1, General User Empowerment Settings:

[root@localhost ~]# visudo…… omitted in front ## Syntax:#### user MACHINE=COMMANDS #### The COMMANDS section may have other options added to it.#### Allow root to run any commands anywhereroot ALL=(ALL) ALLtest ALL=(root) /usr/sbin/useradd ##New user line &hellip ;… omitting

Description: The first field: root is the user who can use the sudo command; the second field: the first ALL is the host that allows sudo, the second is the ALL in parentheses The command is executed in order to use sudo (the user of the destination); the third word: ALL is the command allowed to execute with the sudo command; the above explanation: test ALL=(root) /usr/sbin/useradd indicates that test is allowed The user logs in from any host and executes the /usr/sbin/useradd command as root. User execution command effect:

[root@server ~]# su - barlow[redhat@server ~]$ sudo /usr/sbin/useradd test##Command is best to enter the full path password: ##这里Enter the user barlow's own password [redhat@server ~]$ cat /etc/passwd | Tail -5xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologingdm:x:42:42::/var/gdm:/sbin/nologinsabayon:x:86:86:Sabayon User:/home/sabayon:/sbin/nologinredhat:x:500:500::/home/redhat:/bin/bashtest:x:501:501::/home/test:/bin/bash ##Newly added User

2, sudo configuration in-depth:

1) settings of multiple users (non-same group users): For users with different needs: you can add multiple lines in turn according to the above method. Each row corresponds to one user. For multiple users of the same requirement User_Alias UUU=user1,user2…… define user aliases;

[root@localhost ~]# visudo…… omitting ## User Aliases## These aren't often Necessary, as you can use regular groups## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname## rather than USERALIASUser_Alias ADMINS = jsmith, mikem ##This is an instance line, follow this Write your own User_Alisa sudouser=user1,user2,user3,user4 ##first alias suduouser……after omit ## Syntax:#### user MACHINE=COMMANDS#### The COMMANDS section may have other options added to It.#### Allow root to run any commands anywhereroot ALL=(ALL) ALL77 sudouser ALL=(root) /usr/sbin/useradd ##Command line writing format, user column with alias …… omitted

Settings for multiple commands: Cmnd_Alias CCC=command1,command2…… Define command aliases;

[root@localhost ~]# visudo…… omitted ## Comma Nd Aliases## These are groups of related commands...## NetworkingCmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dh client, /usr/bin/net, /sbin/iptables , /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool ##Multiple commands define a command alias; …… omits later ## Syntax:#### User MACHINE=COMMANDS#### The COMMANDS section may have other options added to it.#### Allow root to run any commands anywhereroot ALL=(ALL) ALL77 sudouser ALL=(root) NETWORKING ##Command line writing format, The command line is aliased with ……