大家好,又见面了,我是你们的朋友全栈君。
在 Linux 上, 只有 root 用户可以执行任何命令, 其他用户必须使用 sudo 才可执行特殊的命令.
sudo 是通过 sudoers 进行配置的.
默认配置
/etc/sudoers:
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
添加配置
不建议直接修改默认配置文件, 我们可以使用 #include 和 #includedir 添加自定义的配置文件.
/etc/sudoers.d/README:
#
# As of Debian version 1.7.2p1-1, the default /etc/sudoers file created on
# installation of the package now includes the directive:
#
# #includedir /etc/sudoers.d
#
# This will cause sudo to read and parse any files in the /etc/sudoers.d
# directory that do not end in '~' or contain a '.' character.
#
# Note that there must be at least one file in the sudoers.d directory (this
# one will do), and all files in this directory should be mode 0440.
#
# Note also, that because sudoers contents can vary widely, no attempt is
# made to add this directive to existing sudoers files on upgrade. Feel free
# to add the above directive to the end of your /etc/sudoers file to enable
# this functionality for existing installations if you wish!
#
# Finally, please note that using the visudo command is the recommended way
# to update sudoers content, since it protects against many failure modes.
# See the man page for visudo for more information.
#
理解配置
root ALL=(ALL:ALL) ALL
上面的配置表示: root 用户可以在 任意机器 上以 任意用户 和 任意用户组 的 任意组合 执行 任意命令.
root:用户(%admin表示用户组)ALL=: 所有host(sudoers配置可能被用到多台机器上)ALL:: 任意用户:ALL: 任意用户组ALL: 任意命令
常见配置
允许用户使用
sudo执行任意命令, 但需要输入用户密码
user ALL=(ALL:ALL) ALL
允许用户不需要密码使用
sudo执行任意命令
user ALL=(ALL:ALL) NOPASSWD: ALL
参考文档
- What is the difference between
root ALL=(ALL:ALL) ALLandroot ALL=(ALL) ALL?
- Sudoers file, enable NOPASSWD for user, all commands
- Sudoers Manual
原文链接: https://goworker.cn/posts/linux-sudoers/
版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 举报,一经查实,本站将立刻删除。
发布者:全栈程序员-用户IM,转载请注明出处:https://javaforall.cn/151372.html原文链接:https://javaforall.cn
【正版授权,激活自己账号】: Jetbrains全家桶Ide使用,1年售后保障,每天仅需1毛
【官方授权 正版激活】: 官方授权 正版激活 支持Jetbrains家族下所有IDE 使用个人JB账号...