5. sudo, sudoedit - execute a command as another user
上一頁 第 98 章 Permission 下一頁
Home | Mirror | Search

5. sudo, sudoedit - execute a command as another user

debian:~# apt-get install sudo

/etc/sudoers

# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#

Defaults        env_reset

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL) ALL

# Uncomment to allow members of group sudo to not need a password
# (Note that later entries override this, so you might need to move
# it further down)
%sudo ALL=NOPASSWD: ALL

sudo group

neo@debian:/etc/mysql$ cat /etc/group | grep 'sudo'
sudo:x:27:neo

5.1. NOPASSWD

ubuntu NOPASSWD sudo的時候不需要輸入密碼

%admin ALL=(ALL)ALL
改為
%admin ALL=(ALL) NOPASSWD: NOPASSWD: ALL

用戶

www localhost=NOPASSWD: /bin/cat, /bin/ls

5.2. 允許或禁止命令

命令前面加‘!’可以禁止用戶運行該命令

neo ALL = (root) /bin/mount, /bin/umount, !/bin/mount /data0
dba ALL = /bin/mount /u0[1-5], /bin/umount /u0[1-5]

5.3. Cmnd_Alias 用法

Cmnd_Alias 定義命令別名

Cmnd_Alias WEBMASTER = /srv/nginx/sbin/nginx, /srv/php/sbin/php-fpm, !/srv/mysql/bin/mysql
www localhost = NETWORKING, SERVICES, DELEGATING, PROCESSES, WEBMASTER
comments powered by Disqus
上一頁 上一級 下一頁
4. su - run a shell with substitute user and group IDs 起始頁 6. ACL - Access Control List