/etc/sudo.conf

/etc/sudoers

/etc/sudoers.d/

/etc/sudo-ldap.conf

/etc/sudoers sudo安全策略配置文件

# Only run sudo when the invoking user is logged in to a real tty.
Defaults    requiretty
# Refuse to prompt for a password when terminal echo cannot be turned off,
# so the password is never displayed on screen.
Defaults !visiblepw
# Set HOME to the target user's home directory for every command.
Defaults always_set_home
# Start each command from a minimal environment; variables matched by
# env_keep (and env_check) are the ones carried over from the invoking user.
Defaults env_reset
# "=" replaces the keep list and each "+=" appends to it. Every name listed
# here is inherited from the caller's environment, so keep the list short.
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
# PATH used for commands run through sudo, in place of the caller's PATH.
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
# root may run any command as any user on any host.
root ALL=(ALL) ALL
# The leading '#' on the next line is part of the directive, not a comment:
# sudo also reads the files found in /etc/sudoers.d.
#includedir /etc/sudoers.d

环境变量

requiretty # 仅当用户登录到真实终端(tty)时才允许运行sudo
always_set_home
visiblepw # 终端无法关闭回显(密码会显示在屏幕上)时,是否仍允许sudo提示输入密码;上文用 !visiblepw 关闭此项

别名

     # User alias specification
     # Each User_Alias names a list of login names that rules can refer to as one unit.
User_Alias FULLTIMERS = millert, mikef, dowdy
User_Alias PARTTIMERS = bostley, jwfox, crawl
User_Alias WEBMASTERS = will, wendy, wim
     # Runas alias specification
     # Each Runas_Alias names the target identities a rule may allow inside "( )".
Runas_Alias OP = root, operator
Runas_Alias DB = oracle, sybase
Runas_Alias ADMINGRP = adm, oper
     # Host alias specification
     # One Host_Alias line may define several aliases separated by ':';
     # a trailing '\' continues the definition on the next line.
Host_Alias SPARC = bigtime, eclipse, moet, anchor :\
SGI = grolsch, dandelion, black :\
ALPHA = widget, thalamus, foobar :\
HPPA = boa, nag, python
     # Networks may be written as address/netmask or address/prefix-length;
     # the bare addresses in CSNETS carry no mask of their own.
Host_Alias CUNETS = 128.138.0.0/255.255.0.0
Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
Host_Alias SERVERS = master, mail, www, ns
Host_Alias CDROM = orion, perseus, hercules
     # Cmnd alias specification
     # Commands are listed by full path so a same-named file elsewhere does not match.
Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\
/usr/sbin/restore, /usr/sbin/rrestore
Cmnd_Alias KILL = /usr/bin/kill
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
Cmnd_Alias HALT = /usr/sbin/halt
Cmnd_Alias REBOOT = /usr/sbin/reboot
     # NOTE(review): SHELLS, SU and PAGERS are not referenced by any rule shown
     # on this page. Shells, su and pagers can hand the user an unrestricted
     # shell, so such aliases are presumably meant to be excluded from a grant
     # or restricted; confirm how they are used.
Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh,\
/usr/local/bin/tcsh, /usr/bin/rsh,\
/usr/local/bin/zsh
Cmnd_Alias SU = /usr/bin/su
Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less

访问控制

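     # User specification, format: User Host = (RunAs) Command
     # Each rule sits on its own line: a '#' comment runs to the end of the
     # line, so a rule written after an inline comment is never parsed.
     #
     # root and members of group wheel may run any command as any user on any host.
root ALL = (ALL) ALL
%wheel ALL = (ALL) ALL
     # Members of the FULLTIMERS user alias may run any command on any host
     # without entering a password. NOPASSWD on ALL removes re-authentication
     # entirely, so membership of this alias should stay small and reviewed.
FULLTIMERS ALL = NOPASSWD: ALL
     # Members of the PARTTIMERS user alias may run any command on any host;
     # a password is required on first use.
PARTTIMERS ALL = ALL
     # ':' separates two host-specific entries for the same user.
bob SPARC = (OP) ALL : SGI = (OP) ALL
     # fred may run any command as a user in the DB runas alias, without a password.
fred ALL = (DB) NOPASSWD: ALL
     # ',' separates entries that use different run-as users.
WEBMASTERS www = (www) ALL, (root) /usr/bin/su www
     # A path ending in '/' grants every file in that directory (not its
     # subdirectories), so /usr/oper/bin/ must be writable by root only.
operator ALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING, sudoedit /etc/printcap, /usr/oper/bin/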
