Add to Favorites | Make me yr homepage | RSS
Home > OS > Linux


Posted 2012-07-16 10:26:58 by admin

run the command as root

sudo - super user (superuser.; root) Run command

visudo - edit the sudoers file


sudo command


Sudo allows the superuser to execute instructions after the consent of the user. The Sudo reference/etc/sudoers this file to determine who is the authorized users. Sudo will prompt the user to enter a password to Kai the beginning of a period of N minutes to allow time (where N is defined in the installation and the default value is 5 minutes).

Sudoers This file is the section area by a selective host alias (host alias), a selective command aliases (command alias) section area and the user instructions (user specification) section is composed of. All command aliases or host alias must be required as a starting their own keywords (Host_Alias ??/ Cmnd_Alias) Note that only the first user (users) use of the records will be instructions in the User Help section area.

User the format of the Festival District:
User access group [: access group] ...

Access group :: = host symbol = [op,] instruction symbol [[op, instruction symbol] ...
Host symbol :: = lowercase a host name or host alias.
Instruction symbol :: = a command or command aliases.
op :: = logical '!' negation operand.

Host Aliases section area format:
Host_Alias ??host alias = list of hosts

Host_Alias ??:: = is a keyword.
Host alias :: = an uppercase alias.
The host list :: = host name separated by commas.

Command alias section area format:
Cmnd_Alias ??command alias = command list

Cmnd_Alias ??:: = is a keyword.
Command alias :: = an uppercase alias.
Instruction list :: = directives separated by commas.

In the text after the '#' symbol will be treated as a comment.
Too long a line you can use the inverted slash'' character to be divided into a new line.
To retain an alias for 'ALL' {Host, Cmnd} _Alias' inside can be used.
Do not use the 'ALL' to define an alias, this alias is not valid.
Noting that the 'ALL' to imply that all of the hosts with instructions.
You can use this syntax to lose some of the projects from the entire range:

user host = ALL,! ALIAS1,!/etc/halt ...


# Host alias specification
Host_Alias ??HUB =
REMOTE = merlin, kodiakthorn, spirit
Host_Alias ??MACHINES = kalkan, alpo, milkbones
Host_Alias ??SERVERS = houdini, merlin, kodiakthorn, spirit

# Command alias specification
Cmnd_Alias ??LPCS =/usr/etc/lpc,/usr/ucb/lprm
Cmnd_Alias ??SHELLS =/bin/sh,/bin/csh,/bin/tcsh
Cmnd_Alias ??MISC =/bin/rm,/bin/cat:
SHUTDOWN =/etc/halt,/etc/shutdown

# User specification
nieusma SERVERS = SHUTDOWN,/etc/reboot:
jill =/etc/shutdown, MISC
markm HUB = ALL,! MISC,!/etc/shutdown,!/etc/halt
billp ALL =/usr/local/bin/top: MACHINES = SHELLS
davehieb merlin = ALL: SERVERS =/etc/halt:
kodiakthorn = ALL

The above the sudoers description file is from four host alias, four command aliases notes, and 7 users consisting of. Britt has been allowed to the remote machine (merlin in kodiakthorn spirit) on the implementation of the/etc/halt,/etc/shutdown,/usr/etc/the lpc and/usr/ucb/the command lprm. Rohn was to allow the implementation of any instruction outside SHELL instruction group on any machine. Jill be allowed in the houdini on the implementation of the/etc/shotdown/bin/rm, and/bin/cat. Performed merlin and kodiakthorn, Davehieb any instructions and the halt SERVERS.

The Sudoers file should use visudo command to edit, it will lock the file and do a grammar check. This one can avoid the stupid grammar error mechanism.

Sudo was designed through the 4.3 BSD syslogging records, but if you really want to or can be recorded to a file to replace.

If a user is not authorized execution of sudo, then there will be a mail sent from the user to the authorized Department (defined in the time of installation).

All settings are defined after the installation, obtained from sudo.h including into the file and Makefile.


Allows nested host, and command aliases.
Allowed in the sudoers file using the host specifier
To use the region symbols (user ALL,! SERVERS, ... = commands).
Allows the user alias in the sudores files (like host/command aliases).
Visudo sudoers file to do more extensive checks.


The/etc/sudoers file of authorized users.
/Etc/stmp visudo the lock file that.
/Usr/local/bin/the sudo sudo executable file.
/Usr/local/etc/visudo tool to modify the sudoers file.

The authors

Jeff Nieusma
David Hieb


The release of this program is the hope that it will be useful, but there is no guarantee; not even implied warranties of merchantability or fitness of a particular purpose. See the GNU General Public License in order to obtain more detailed information.

Along with this program you should received a the GNU General Public License; if not, write a letter to the Free Software Foundation, Inc., 675 Mass. Ave.
Cambridge, MA 02139, USA.


If the user can access the shell scripts instruction group or allow shell escapes, then there is no simple way to prevent users to get the root shell.


su (1)...

Note: Have you found this article is fulled of spelling and grammatical errors? Yeah, it was translated by machine, but if you found it worth reading, please click the "Rate" button below to vote it. When it received 20 votes or more, it will be put to a library and waited for a manual translation. If you can read Chinese, check the original posts here: sudo

Back Home
Leave a Comment comments
Username: Password:
Verification code Anonymous
Related Posts
    No Related Articles
Latest News
Popular Pages