![linux sudo 命令](https://img-blog.csdnimg.cn/img_convert/5d70732936789c526dcb78fe7da7d9fc.png)
linux sudo 命令
Linux sudo
command is used to give root
privileges to the normal users . /etc/sudoers
file is used for configuration of sudo
. Sudoers file provides the users who can run sudo
command. Sudoers also used to limit the commands the user can run.
Linux sudo
命令用于为普通用户赋予root
特权。 /etc/sudoers
文件用于sudo
配置。 Sudoers文件提供了可以运行sudo
命令的用户。 Sudoers还用于限制用户可以运行的命令。
使用Sudo运行命令 (Run Command With Sudo)
Sudo command will accept given command and look to the sudoers file. If the given user have right to run command with sudo the password will be asked. If the passwordless sudo usage is allowed the command will run with root privileges.
Sudo命令将接受给定命令并查找sudoers文件。 如果给定的用户有权使用sudo运行命令,则将询问密码。 如果允许使用无密码sudo,则该命令将以root特权运行。
Now we will run cat /etc/shadow
command which will list users password hashes. Normal user can not have right to print password hashes.
现在,我们将运行cat /etc/shadow
命令,该命令将列出用户密码哈希值。 普通用户无权打印密码哈希。
$ sudo cat /etc/shadow
![Run Command With Sudo](https://img-blog.csdnimg.cn/img_convert/fffb87b6f98b2f6ca51796d011a4d23b.png)
指定用户(Specify User)
If we run sudo
command without specifying username explicitly the current user account will be used. But we can also specify the username explicitly with -u
option.
如果我们运行sudo
命令时未明确指定用户名,则将使用当前用户帐户。 但是我们也可以使用-u
选项显式指定用户名。
In this example we will run ls /
command with user account ismail.
在此示例中,我们将使用用户帐户ismail运行ls /
命令。
$ sudo -u ismail ls /
Sudoers文件 (Sudoers File)
Sudoers file is the database which is used by sudo
command. All specified rules are applied during sudo
usage. Here is the default Sudoers file.
Sudoers文件是sudo
命令使用的数据库。 在sudo
使用期间将应用所有指定的规则。 这是默认的Sudoers文件。
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
The general syntax is very simple. We first specify the user name or group name we want to apply rules. and then we provide the commands the user can run. In this configuration file all commands can be run buy given users and groups.
通用语法非常简单。 我们首先指定要应用规则的用户名或组名。 然后我们提供用户可以运行的命令。 在此配置文件中,可以在给定用户和组的情况下运行所有命令。
授予用户Sudo权限(Give User Sudo Rights)
We can add new rules to the sudoers file. First we will open sudoers file with following visudo
command.
我们可以将新规则添加到sudoers文件中。 首先,我们将使用以下visudo
命令打开sudoers文件。
$ sudo visudo
We will add following line for the user mike which can run all commands.
我们将为可以运行所有命令的用户Mike添加以下行。
mike ALL=(ALL:ALL) ALL
授予组Sudo权限 (Give Group Sudo Rights)
We can also provide a group sudo rights with the following command. The group name is operator
. We add %
before the group name.
我们还可以使用以下命令提供组sudo权限。 组名是operator
。 我们在组名之前添加%
。
%operator ALL=(ALL) ALL
无密码的Sudo (Passwordless Sudo)
Every time we issue sudo
command we need to provide our user’s password. This may become a nightmare for regular sudo
command users. We will add the NOPASSWD
to the ALL
part of rule.
每次发出sudo
命令时,我们都需要提供用户的密码。 对于普通的sudo
命令用户来说,这可能成为噩梦。 我们将NOPASSWD
添加到规则的ALL
部分。
In this example we configure sudo
for user account ismail
passwordless.
在此示例中,我们为用户帐户ismail
密码配置sudo
。
ismail ALL = (ALL) NOPASSWD: ALL
列出Sudo允许的命令 (List Sudo Allowed Commands)
Sudo command can restrict given user right to use commands. We can use -l
option to list allowed commands with sudo. Actually the directories or commands allowed to run will be listed.
Sudo命令可以限制给定的用户使用命令的权限。 我们可以使用-l
选项列出带有sudo的允许命令。 实际上,将列出允许运行的目录或命令。
$ sudo -l
![List Sudo Allowed Commands](https://img-blog.csdnimg.cn/img_convert/32fa8f225e3c1869236d89774246cd1d.png)
翻译自: https://www.poftut.com/linux-sudo-command-tutorial-with-examples-to-get-root-privileges/
linux sudo 命令