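Command options
-V Show the version number
-h Show help
-l List the privileges of the invoking user (the user running sudo)
-k Force sudo to ask for the password the next time it is run
-b Run the given command in the background
-u username Without this option the command runs as root; with it, the command runs as username
Configuration file:
/etc/sudoers (mode 400)
Syntax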
who which_host=(whom) command
Editing command
visudo
sudo authorization format: grant a user permission to run the specified administrative commands on a given host as a given user
WHO HOST=(WHOM) COMMAND
Aliases
Definition: alias names must be written entirely in uppercase characters
There are four kinds of alias:
User_Alias (user alias)
Runas_Alias (Runas alias)
Host_Alias (host alias)
Cmnd_Alias (command alias)
User_Alias ::= NAME '=' User_List
Runas_Alias ::= NAME '=' Runas_List
Host_Alias ::= NAME '=' Host_List
Cmnd_Alias ::= NAME '=' Cmnd_List
NAME ::= [A-Z]([A-Z][0-9]_)*
Runas_Alias OP = root, operator
Runas_Alias DB = oracle, sybase
Runas_Alias ADMINGRP = adm, oper
# Host alias specification
Host_Alias SPARC = bigtime, eclipse, moet, anchor : SGI = grolsch, dandelion, black : ALPHA = widget, thalamus, foobar : HPPA = boa, nag, python
Host_Alias CUNETS = 128.138.0.0/255.255.0.0
Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
Host_Alias SERVERS = master, mail, www, ns
Host_Alias CDROM = orion, perseus, hercules
# Cmnd alias specification
Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, /usr/sbin/rrestore, sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== /home/operator/bin/start_backups
Cmnd_Alias KILL = /usr/bin/kill
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
Cmnd_Alias HALT = /usr/sbin/halt
Cmnd_Alias REBOOT = /usr/sbin/reboot
Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, /usr/local/bin/tcsh, /usr/bin/rsh, /usr/local/bin/zsh
Cmnd_Alias SU = /usr/bin/su
Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less
Examples
User alias (prefix group names with "%")
User_Alias NAME = user1,%useradmin...
Host alias
Host_Alias NAME = hostname,ip,network
Runas alias
Runas_Alias ADMINGRP = adm, oper
Disabling password verification
user1 ALL=(root) NOPASSWD: /usr/sbin/useradd, PASSWD: /usr/sbin/usermod
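PASSWD: a password must be entered when running the command, to verify the user's identity
NOPASSWD: no password is required when running the command, so the user's identity cannot be verified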
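The following is an added example, not part of the original post: a small audit helper that parses WHO HOST=(WHOM) COMMAND rules, expands Cmnd_Alias names, and lists every command that runs without a password. It shows that a NOPASSWD: or PASSWD: tag stays in effect for the commands that follow it until the opposite tag appears. The user2 rule and the function names are assumptions made for the illustration; the parser handles only the single-line forms shown on this page.

```python
import re

# Constructed sample: the user1 rule and PRINTING alias from this page,
# plus a hypothetical user2 rule that uses the alias.
SAMPLE = """\
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
user1 ALL=(root) NOPASSWD: /usr/sbin/useradd, PASSWD: /usr/sbin/usermod
user2 ALL=(root) NOPASSWD: PRINTING, /usr/bin/kill
"""

SPEC = re.compile(r"^(\S+)\s+(\S+)\s*=\s*(?:\(([^)]*)\))?\s*(.+)$")
TAG = re.compile(r"^(NOPASSWD|PASSWD):\s*")

def parse(text):
    """Return (who, host, runas, command, needs_password) per granted command."""
    aliases, rows = {}, []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # simplification: '#' starts a comment
        if not line:
            continue
        if line.startswith("Cmnd_Alias"):
            name, cmds = line[len("Cmnd_Alias"):].split("=", 1)
            aliases[name.strip()] = [c.strip() for c in cmds.split(",")]
            continue
        if re.match(r"^((User|Runas|Host)_Alias|Defaults)\b", line):
            continue  # not a user rule
        m = SPEC.match(line)
        if not m:
            continue
        who, host, runas, cmds = m.groups()
        needs_password = True  # sudo asks for a password when no tag is given
        for item in cmds.split(","):
            item = item.strip()
            t = TAG.match(item)
            if t:  # the tag applies to this and all later commands in the rule
                needs_password = t.group(1) == "PASSWD"
                item = item[t.end():]
            for cmd in aliases.get(item, [item]):
                rows.append((who, host, runas or "root", cmd, needs_password))
    return rows

def nopasswd(text):
    """List (who, command) pairs that run without password verification."""
    return [(who, cmd) for who, _, _, cmd, pw in parse(text) if not pw]

if __name__ == "__main__":
    for who, cmd in nopasswd(SAMPLE):
        print(f"{who}: {cmd} runs without a password")
```

In the user2 rule, /usr/bin/kill inherits NOPASSWD from the tag placed before PRINTING, which is easy to miss when reading a long rule.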
Original article: https://blog.51cto.com/14074807/2394127