sudo, su guide


sudo is a privilege-management mechanism: administrators can authorize users to perform common operations that need root privileges without those users having to know the root password.
sudo executes a command as another user, root by default. Its configuration file is /etc/sudoers; edit it with the visudo command (in the editor, turn on line numbers and jump to line 100 with 100gg).

## Allow root to run any commands anywhere
root ALL=(ALL) ALL
boy ALL=(ALL) NOPASSWD: /bin/ls # allow user boy to run ls without a password
boy ALL=(ALL) NOPASSWD: ALL # allow user boy to run all commands without a password
Format: user hosts=(run-as user, root by default) commands. Commands must be given with their full path; separate multiple commands with commas.

  

How sudo works:

sudo timestamp: the first time an ordinary user runs a sudo command, they must enter their account password. The system then creates a timestamp for the user in the /var/run/sudo/ts directory, valid for 5 minutes. Use the -v option to extend the validity period and the -k option to clear the timestamp.

Allow user nick to run useradd as root only on hosts in the 192.168.10.0/24 network segment:

nick 192.168.10.0/24=(root) /usr/sbin/useradd
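
An added example, not part of the original post: a Python audit that parses rules in the "user hosts=(run-as) commands" format described above and flags passwordless rules, unrestricted ALL grants and commands given without a full path. The user tom and the finding labels are made up for illustration; aliases and include files are assumed absent.

```python
import re

# Constructed sample: the rules shown on this page plus one hypothetical bad entry (tom).
SAMPLE = """\
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
boy ALL=(ALL) NOPASSWD: /bin/ls
boy ALL=(ALL) NOPASSWD: ALL
nick 192.168.10.0/24=(root) /usr/sbin/useradd
tom ALL=(root) useradd, /bin/ls
"""

RULE = re.compile(r"^(\S+)\s+([^=\s]+)\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")

def parse_rule(line):
    """Parse 'user hosts=(runas) [NOPASSWD:] cmd, cmd'; return None for other lines."""
    line = line.split("#", 1)[0].strip()  # simplification: '#' always starts a comment
    m = RULE.match(line)
    if not m or m.group(1) == "Defaults":
        return None
    user, host, runas, cmdlist = m.groups()
    cmds, nopasswd = [], False
    for cmd in cmdlist.split(","):
        cmd = cmd.strip()
        if cmd.startswith("NOPASSWD:"):  # the tag also applies to the commands after it
            nopasswd, cmd = True, cmd[len("NOPASSWD:"):].strip()
        cmds.append((cmd, nopasswd))
    return {"user": user, "host": host, "runas": runas or "root", "cmds": cmds}

def audit(text):
    """Return (user, command, finding) tuples for rules that deserve review."""
    findings = []
    for line in text.splitlines():
        rule = parse_rule(line)
        if rule is None or rule["user"] == "root":
            continue
        for cmd, nopasswd in rule["cmds"]:
            if cmd == "ALL" and nopasswd:
                findings.append((rule["user"], cmd, "any command without a password"))
            elif cmd == "ALL":
                findings.append((rule["user"], cmd, "unrestricted commands"))
            elif not cmd.startswith("/"):
                findings.append((rule["user"], cmd, "command is not a full path"))
            elif nopasswd:
                findings.append((rule["user"], cmd, "runs without a password"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```
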

sudo -l lists the commands the user may run with sudo:

[boy@55test ~]$ sudo -l
Matching Defaults entries for boy on 55test:
!visiblepw, always_set_home, match_group_by_gid, always_query_group_plugin, env_reset,
env_keep="COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME
LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES",
env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE
LINGUAS _XKB_CHARSET XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User boy may run the following commands on 55test:
(ALL) NOPASSWD: ALL # NOPASSWD: boy gets full administrator privileges, and no password is required when running commands with sudo

[boy@55test ~]$ sudo ls /root
mm2 nginx.log-ks.cfg gg.txt Anaconda num.txt Pass qq.txt
MM1 mm3 nn.txt oldboy.txt passwd bash the User 

[boy@55test ~]$ sudo su - # log in as a normal user, then use sudo to escalate to root
Last login: Sat Oct 10 10:00:23 CST 2020 from 192.168.15.2 on pts/3

  

 

The difference between sudo, su and suid:
suid: root's privileges on one command -> all users. For a command that requires root privileges, such as passwd, the suid bit lets any user run that command with those privileges.

[root@55test ~]# ll `which passwd`
-rwsr-xr-x. 1 root root 27832 Jun 10 2014 /usr/bin/passwd
The s in the owner's execute position is the special (suid) permission bit.

su switches to another user's identity. Unless you are root, you must enter the password of the user you are switching to.

sudo: root -> a specific user. A user is authorized to execute certain commands as root and enters their own password.

 


Origin www.cnblogs.com/00huajiang/p/11263686.html