Linux sudo Explained

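sudo controls which system commands a user is permitted to run, that is, the operations root allows. sudo can raise an ordinary user's privileges, but those privileges must be configured before they can be used.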

Common commands

Two ways to configure sudo

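1. Edit with visudo
    visudo -c   checks the syntax. A syntax error may keep the system from coming up, so back up the file before editing and check it after editing.

2. vi /etc/sudoers (98gg jumps there quickly), although visudo is more capable
    Syntax:    user    MACHINE=COMMANDS    # sudo syntax
    root    ALL=(ALL)   ALL                    # (ALL) specifies which users this user may act as
    omc     ALL=(ALL)   ALL                    # user omc, on any machine, may run any command as any user == root
    omc     ALL=(ALL)   NOPASSWD: ALL          # no password required; user omc, on any machine, may run any command as any user
    ftl     ALL=(ALL)   /bin/cp,/bin/touch     # user ftl may only run the cp and touch commands as root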


Removing the restriction that sudo needs a tty to run

Edit /etc/sudoers, find the line Defaults    requiretty, and comment it out.


/etc/sudoers is a file with very restrictive permissions (440).


visudo options

    The options are as follows:

     -c          Enable check-only mode.  The existing sudoers file will be checked for syntax errors, owner
                 and mode.  A message will be printed to the standard output describing the status of
                 sudoers unless the -q option was specified.  If the check completes successfully, visudo
                 will exit with a value of 0.  If an error is encountered, visudo will exit with a value of
                 1.

     -f sudoers  Specify an alternate sudoers file location.  With this option visudo will edit (or check)
                 the sudoers file of your choice, instead of the default, /etc/sudoers.  The lock file used
                 is the specified sudoers file with “.tmp” appended to it.  In check-only mode only, the
                 argument to -f may be ‘-’, indicating that sudoers will be read from the standard input.

     -h          The -h (help) option causes visudo to print a short help message to the standard output and
                 exit.

     -q          Enable quiet mode.  In this mode details about syntax errors are not printed.  This option
                 is only useful when combined with the -c option.

     -s          Enable strict checking of the sudoers file.  If an alias is used before it is defined,
                 visudo will consider this a parse error.  Note that it is not possible to differentiate
                 between an alias and a host name or user name that consists solely of uppercase letters,
                 digits, and the underscore (‘_’) character.

     -V          The -V (version) option causes visudo to print its version number and exit.
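
The backup-then-check advice and the -c, -f and -q options above can be combined so that a broken file never becomes the live /etc/sudoers. The following is an added example, not part of the original post; the function name install_sudoers, the VISUDO override variable and the .bak / .new suffixes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): validate a candidate sudoers
# file with visudo before it replaces the live one, and keep a backup.
# VISUDO is a hypothetical override so the checker can be swapped in tests.
VISUDO=${VISUDO:-visudo}

# install_sudoers CANDIDATE TARGET
# Returns 0 when installed, 1 when the check rejects CANDIDATE
# (TARGET is left untouched), 2 on a usage or I/O error.
# Usage (as root): install_sudoers ./sudoers.candidate /etc/sudoers
install_sudoers() {
    candidate=$1
    target=$2
    [ -r "$candidate" ] && [ -n "$target" ] || return 2

    # Stage next to the target so the final mv is a rename in one directory.
    staged=$(mktemp "${target}.new.XXXXXX") || return 2
    cp "$candidate" "$staged" && chmod 0440 "$staged" || { rm -f "$staged"; return 2; }

    # -c: check-only mode, -f: check the staged copy instead of /etc/sudoers,
    # -q: do not print error details. Exit status 0 means the check passed.
    if ! "$VISUDO" -c -q -f "$staged"; then
        rm -f "$staged"
        return 1
    fi

    # Back up the current file (mode and timestamps preserved) before replacing it.
    if [ -e "$target" ]; then
        cp -pf "$target" "${target}.bak" || { rm -f "$staged"; return 2; }
    fi

    mv -f "$staged" "$target"
}
```

Drop -q while debugging so that visudo prints the location of the syntax error.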


Reposted from www.cnblogs.com/ftl1012/p/sudo.html