We have an application that needs higher privileges than normal user. This application may be run with root user. But we need to run this application with normal user with root privileges.
我们有一个应用程序需要比普通用户更高的特权。 该应用程序可以用root用户运行。 但是我们需要以具有root特权的普通用户运行此应用程序。
须藤命令 (Sudo Command)
sudo
command is used to elevate user privileges to higher. Generally used to run commands as root user. Commands issued with sudo
are logged into /var/log/auth.log
sudo
命令用于将用户特权提升到更高级别。 通常用于以root用户身份运行命令。 sudo
发出的sudo
登录到/var/log/auth.log
In this example we will print the /etc/shadow
file which is only printed with the root
user. In order to get root
privileges we will use sudo
.
在此示例中,我们将打印/etc/shadow
文件,该文件仅由root
用户打印。 为了获得root
特权,我们将使用sudo
。
$ sudo cat /etc/shadow
苏多斯(Sudoers)
Sudoers is sudo configuration file where sudo enabled users are list. Beyond listing users also their permissions are set in this file. Sudoers file can be access from /etc/sudoers . Example sudoers file can be found below
Sudoers是sudo配置文件,其中列出了启用sudo的用户。 除了列出用户之外,该文件还设置了他们的权限。 可以从/ etc / sudoers访问Sudoers文件。 可以在下面找到示例sudoers文件
##
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
将用户添加到Wheel Group以启用管理员访问权限 (Add User To Wheel Group To Enable Admin Access)
There are different ways to get root privileges. Most used way is to add user to the wheel group. Whell is a special group where users in this group have root privileges.
有多种获取root特权的方法。 最常用的方法是将用户添加到滚轮组。 Whell是一个特殊的组,该组中的用户具有root特权。
$ usermod -a -G wheel test2
Now user test2 can run higher privilege commands like below
现在,用户test2可以运行以下更高权限的命令
$sudo passwd john
在Sudoers文件中专门添加用户 (Add User Specifically In The Sudoers File)
We can add user test2 to the sudoers file like adding following line.
我们可以将用户test2添加到sudoers文件中,就像添加以下行一样。
$echo "test2 ALL=(ALL) ALL" >> /etc/sudoers
We will add our user with echo to the /etc/sudoers file
我们将回显的用户添加到/ etc / sudoers文件中
test2 is the username
test2是用户名
ALL=(ALL) ALL line will add all privileges to the test2 user.
ALL =(ALL)ALL行将为test2用户添加所有特权。
Sudo使用记录(Sudo Usage Log)
sudo
command usage is important because it will give root access to the normal users. The actions of the users should be saved in to a log file. sudo
command log files are stored in the /var/log/auth.log
.
sudo
命令的用法很重要,因为它将为普通用户提供root访问权限。 用户的操作应保存到日志文件中。 sudo
命令日志文件存储在/var/log/auth.log
。
$ cat /var/log/auth.log
如何使用sudo命令在Linux中以root用户身份允许普通用户运行命令? 信息移植 (How To Allow Normal User Run Commands As Root In Linux with sudo Command? Infografic)
翻译自: https://www.poftut.com/how-to-allow-normal-user-run-commands-as-root-in-linux-with-sudo-command/