Some commands in the Linux root account in order to use them only, how can the ordinary user commands with root privileges can execute it, is to use the sudo command a name called, here are some introduction to the sudo command
sudo is a linux system administration commands, allowing a system administrator for the average user to perform some or all of the root command a tool, such as a halt, reboot, su, and so on. This not only reduces the root user login and management time, also improves security. sudo not to place a shell, which is for each command. In other words, as if personally perform root via sudo command executed. Access: There are users appear in the / etc / sudoers in.
Next, open the / etc / sudoers read the document, the main configuration file is heavily commented, teach you how to configure some of its users and the command to be executed
Pulled down to see the back of the root account is ALL that is for all commands have rights, and the following% wheel is ordinary accounts represented among this group wheel is the same with the root have permission, you can use the sudo add command was executed Some operations can be performed only root account
Take the following format in the root account to explain the operation format
User list of host names = command program list
Then use grep "bash" / etc / passwd command to check the current account can log out of the root system as well as a zhangsan
Then use id zhangsan look at specific information zhangsan account and found that it is not among the group of wheel that is zhangsan user can not use the command root (super administrator) of. We know the root of the orders are placed in / usr / sbin order inside only the root user can use, while the average user's command is placed in the / usr / bin directory.
接下来使用su - zhangsan命令切换到zhangsan用户
利用zhangsan用户执行一个root用才能执行的命令ifconfig ens32 192.168.220.120(修改IP地址为192.168.220.120),发现zhangsan用户不可以使用,因为它没有执行权限。但怎么使普通用户能够拥有像root用户一样的执行权限呢。这边如果把zhangsan用户添加到wheel(安全用户组)当中去的话,zhangsan是可以利用sudo命令执行所有的root的命令的。这样非常的不安全,如何使zhangsan用使用具体的使用一条或者几条root才能使用的命令呢?
这边需要切换回root账户
这边使用hostname命令获取一下本机的主机名
在这边执行一个chmod u+w /etc/sudoers命令,添加一个root用户的写权限
然后利用vim /etc/sudoers打开sudo的配置文件
在一个空白行按照格式输入zhangsan linux1=ifconfig,也就是说赋予zhangsan这个普通用户可以对主机linux1执行ifconfig命令的权限,输入完成后输入“:wq”保存并退出。注意这边的管理员命令一定要写命令的绝对路径,因为普通用户也可以使用ifconfig命令但跟管理员的ifconfig不一样。
接下来再使用su - zhangsan命令切换到zhangsan用户
在使用sudo ifconfig ens32 192.168.220.120命令修改主机ip为192.168.220.120试试看
发现这个时候的xshell软件已经断开了连接了
接下来再使用ssh 192.168.220.120命令从本地去连接刚刚修改过密码的主机,已经成功开始提示你输入密码
Next, enter the root account with root account password has just logged on to the modified system IP address on the
