sudo is a tool commonly used in Linux to allow ordinary users to use superuser privileges, allowing system administrators to allow ordinary users to execute some or all root commands. This not only reduces the number of root user logins and management time, but also improves security. Because if an ordinary user wants to execute a command that can only be executed by root, he must switch to the root user, so he must know the root user's password, which means that the root password must be assigned to each such user, which is very Not safe.
The purpose of sudo's designers:
to give users as few permissions as possible but still allow them to do their jobs.
Features of sudo:
# 1. sudo can restrict specified users to run certain commands on specified hosts.
# 2. sudo can provide logs, faithfully record what each user has done with sudo, and can transmit the logs to the central host or log server.
# 3. sudo provides configuration files for system administrators, allowing system administrators to centrally manage user permissions and hosts used. Its default storage location is /etc/sudoers.
# 4. sudo uses the timestamp file to complete a "ticket check"-like system. When the user executes sudo and enters a password, the user gets a "ticket" with a default lifetime of 5 minutes (the default value can be changed at compile time). After the timeout, the user must re-enter the password.
Sudo user permission configuration:
a) /etc/sudoers file:
the default file that configures the user's permission to operate the sudo command, that is to say, whether the user has sudo permission and which commands can use sudo permission can be configured in this file. . If you want to implement the user's sudo authorization operation by editing this file, you must use the command: visudo to modify the sudoers file.
b) /etc/sudoers.d folder:
Check the contents of the sudoers file through cat /etc/sudoers, and you will find a line stating: it is best not to modify this file, and to implement the sudo command for ordinary users by operating the sudoers.d folder Empowerment process.
The steps are as follows:
1) Create a new file in the /etc/sudoers.d folder, the name does not matter, such as: lyjsudo
vim /etc/sudoers.d/lyjsudo
2) Edit the lyjsudo file: add lyjsudo ALL=(ALL) ALL
i
lyjsudo ALL=(ALL) ALL
3) Save and exit
Esc:wq
4) Modify the file lyjsudo permission to 400
chmod 400/etc/sudoers.d/lyjsudo
5) Log in with the lyjsudo account and execute the sudo command to verify whether it takes effect
your love
sudo ls –al
If it can be used normally, it means that the modification is successful.
Original permanent address: http://jsonliangyoujun.iteye.com/blog/2355226