
System administration: the Linux sudo command

Linux systems · 涛涛

Linux sudo command


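The Linux sudo command runs a command as the system administrator; in other words, a command run through sudo behaves as if root had run it directly.

Who may use it: users that appear in /etc/sudoers.

Syntax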

sudo -V
sudo -h
sudo -l
sudo -v
sudo -k
sudo -s
sudo -H
sudo [ -b ] [ -p prompt ] [ -u username/#uid] -s
sudo command

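Options

  • -V Show the version number
  • -h Show the version number and a usage summary of the command
  • -l Show the privileges of the user running sudo
  • -v sudo asks for the password the first time it is run, or when it has not been run within the last N minutes (N defaults to five); this option performs that validation again, and if more than N minutes have passed it also asks for the password
  • -k Force sudo to ask for the password the next time it is run (whether or not N minutes have passed)
  • -b Run the given command in the background
  • -p prompt Change the password prompt; %u is replaced with the user's account name and %h with the host name
  • -u username/#uid Without this option the command runs as root; with it, the command runs as username (#uid is that username's user ID number)
  • -s Run the shell named by the SHELL environment variable, or the shell specified in /etc/passwd
  • -H Set the HOME environment variable to the home directory of the target user (the system administrator root if -u is not given)
  • command The command to run as the system administrator (or as another user, if changed with -u)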

Examples

Using the sudo command

$ sudo ls
[sudo] password for hnlinux: 
hnlinux is not in the sudoers file. This incident will be reported.

Run a command as a specified user

# sudo -u userb ls -l

Show the sudo settings

$ sudo -L   # show the sudo settings
Available options in a sudoers ``Defaults'' line:

syslog: Syslog facility if syslog is being used for logging
syslog_goodpri: Syslog priority to use when user authenticates successfully
syslog_badpri: Syslog priority to use when user authenticates unsuccessfully
long_otp_prompt: Put OTP prompt on its own line
ignore_dot: Ignore '.' in $PATH
mail_always: Always send mail when sudo is run
mail_badpass: Send mail if user authentication fails
mail_no_user: Send mail if the user is not in sudoers
mail_no_host: Send mail if the user is not in sudoers for this host
mail_no_perms: Send mail if the user is not allowed to run a command
tty_tickets: Use a separate timestamp for each user/tty combo
lecture: Lecture user the first time they run sudo
lecture_file: File containing the sudo lecture
authenticate: Require users to authenticate by default
root_sudo: Root may run sudo
log_host: Log the hostname in the (non-syslog) log file
log_year: Log the year in the (non-syslog) log file
shell_noargs: If sudo is invoked with no arguments, start a shell
set_home: Set $HOME to the target user when starting a shell with -s
always_set_home: Always set $HOME to the target user's home directory
path_info: Allow some information gathering to give useful error messages
fqdn: Require fully-qualified hostnames in the sudoers file
insults: Insult the user when they enter an incorrect password
requiretty: Only allow the user to run sudo if they have a tty
env_editor: Visudo will honor the EDITOR environment variable
rootpw: Prompt for root's password, not the users's
runaspw: Prompt for the runas_default user's password, not the users's
targetpw: Prompt for the target user's password, not the users's
use_loginclass: Apply defaults in the target user's login class if there is one
set_logname: Set the LOGNAME and USER environment variables
stay_setuid: Only set the effective uid to the target user, not the real uid
preserve_groups: Don't initialize the group vector to that of the target user
loglinelen: Length at which to wrap log file lines (0 for no wrap)
timestamp_timeout: Authentication timestamp timeout
passwd_timeout: Password prompt timeout
passwd_tries: Number of tries to enter a password
umask: Umask to use or 0777 to use user's
logfile: Path to log file
mailerpath: Path to mail program
mailerflags: Flags for mail program
mailto: Address to send mail to
mailfrom: Address to send mail from
mailsub: Subject line for mail messages
badpass_message: Incorrect password message
timestampdir: Path to authentication timestamp dir
timestampowner: Owner of the authentication timestamp dir
exempt_group: Users in this group are exempt from password and PATH requirements
passprompt: Default password prompt
passprompt_override: If set, passprompt will override system prompt in all cases.
runas_default: Default user to run commands as
secure_path: Value to override user's $PATH with
editor: Path to the editor for use by visudo
listpw: When to require a password for 'list' pseudocommand
verifypw: When to require a password for 'verify' pseudocommand
noexec: Preload the dummy exec functions contained in 'noexec_file'
noexec_file: File containing dummy exec functions
ignore_local_sudoers: If LDAP directory is up, do we ignore local sudoers file
closefrom: File descriptors >= %d will be closed before executing a command
closefrom_override: If set, users may override the value of `closefrom' with the -C option
setenv: Allow users to set arbitrary environment variables
env_reset: Reset the environment to a default set of variables
env_check: Environment variables to check for sanity
env_delete: Environment variables to remove
env_keep: Environment variables to preserve
role: SELinux role to use in the new security context
type: SELinux type to use in the new security context
askpass: Path to the askpass helper program
env_file: Path to the sudo-specific environment file
sudoers_locale: Locale to use while parsing sudoers
visiblepw: Allow sudo to prompt for a password even if it would be visisble
pwfeedback: Provide visual feedback at the password prompt when there is user input
fast_glob: Use faster globbing that is less accurate but does not access the filesystem
umask_override: The umask specified in sudoers will override the user's, even if it is more permissive
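
The options in this listing are set on Defaults lines in /etc/sudoers. The script below is an added example, not part of the original article: it audits the global Defaults lines of a sudoers file for a few of the security-relevant options. The function names, the 5-minute limit (taken from the default N given above) and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the global "Defaults" lines of a sudoers file.
# Option names come from the `sudo -L` listing; the sample input is constructed.

sample_sudoers() {
cat <<'EOF'
# constructed sample, not taken from a real host
Defaults    !env_reset, timestamp_timeout=-1
Defaults    setenv
Defaults    !tty_tickets
root    ALL=(ALL) ALL
EOF
}

# usage: audit_defaults FILE  (prints one WARN line per finding)
audit_defaults() {
    awk -v max=5 '
    /^[ \t]*Defaults[ \t]/ {   # global entries only; Defaults:user, Defaults@host are skipped
        sub(/^[ \t]*Defaults[ \t]+/, "")
        n = split($0, opt, /[ \t]*,[ \t]*/)   # assumes no commas inside option values
        for (i = 1; i <= n; i++) {
            name = opt[i]; val = ""
            off = (name ~ /^!/); sub(/^![ \t]*/, "", name)
            p = index(name, "=")
            if (p > 0) { val = substr(name, p + 1); name = substr(name, 1, p - 1) }
            gsub(/[ \t+-]/, "", name); gsub(/[ \t"]/, "", val)
            on[name] = !off; value[name] = val
        }
    }
    END {
        if (("env_reset" in on) && !on["env_reset"])
            print "WARN env_reset is disabled: the invoking environment is not reset"
        if (!("secure_path" in on))
            print "WARN secure_path is not set: the user $PATH is used to find commands"
        if (("authenticate" in on) && !on["authenticate"])
            print "WARN authenticate is disabled: no password is required"
        if (("setenv" in on) && on["setenv"])
            print "WARN setenv is enabled: users may set arbitrary environment variables"
        if (("tty_tickets" in on) && !on["tty_tickets"])
            print "WARN tty_tickets is disabled: one timestamp is shared across ttys"
        if ("timestamp_timeout" in value) {
            t = value["timestamp_timeout"] + 0
            if (t < 0) print "WARN timestamp_timeout is negative: the timestamp never expires"
            else if (t > max) print "WARN timestamp_timeout " t " exceeds " max " minutes"
        }
    }' "$1"
}

tmp=$(mktemp) && sample_sudoers > "$tmp" && audit_defaults "$tmp"; rm -f "$tmp"
```

Run against the constructed sample it prints five WARN lines; point `audit_defaults` at a copy of a real sudoers file to check that host.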

Run the previous command with root privileges

$ sudo !!

Edit a file as a specific user

$ sudo -u uggc vi ~www/index.html
# as user uggc, edit index.html in the home directory of user www (~www)

List the current privileges

sudo -l

Show sudo version information

sudo -V
