Home | 簡體中文 | 繁體中文 | 雜文 | Search | ITEYE 博客 | OSChina 博客 | Facebook | Linkedin | 作品與服務 | Email

18.8. sudo, sudoedit - execute a command as another user

debian:~# apt-get install sudo		
		

/etc/sudoers

# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#

Defaults        env_reset

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL) ALL

# Uncomment to allow members of group sudo to not need a password
# (Note that later entries override this, so you might need to move
# it further down)
%sudo ALL=NOPASSWD: ALL
		
		

sudo group

neo@debian:/etc/mysql$ cat /etc/group | grep 'sudo'
sudo:x:27:neo		
		

18.8.1. NOPASSWD

ubuntu NOPASSWD sudo的時候不需要輸入密碼

%admin ALL=(ALL)ALL
改為
%admin ALL=(ALL) NOPASSWD: NOPASSWD: ALL	
			

用戶

www localhost=NOPASSWD: /bin/cat, /bin/ls			
			

18.8.2. 允許或禁止命令

命令前面加‘!’可以禁止用戶運行該命令

neo ALL = (root) /bin/mount, /bin/umount, !/bin/mount /data0
dba ALL = /bin/mount /u0[1-5], /bin/umount /u0[1-5]
			

18.8.3. Cmnd_Alias 用法

Cmnd_Alias 定義命令別名

Cmnd_Alias WEBMASTER = /srv/nginx/sbin/nginx, /srv/php/sbin/php-fpm, !/srv/mysql/bin/mysql
www localhost = NETWORKING, SERVICES, DELEGATING, PROCESSES, WEBMASTER
			

18.8.4. wheel 組

## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
neo     ALL=(ALL)       ALL
%wheel  ALL=(ALL)       ALL
			
comments powered by Disqus