Linux sudo命令

Linux 命令大全 Linux 命令大全

Linux sudo命令以系統管理者的身份執(zhí)行指令,也就是說,經由 sudo 所執(zhí)行的指令就好像是 root 親自執(zhí)行。

使用權限:在 /etc/sudoers 中有出現的使用者。

語法

sudo -V
sudo -h
sudo -l
sudo -v
sudo -k
sudo -s
sudo -H
sudo [ -b ] [ -p prompt ] [ -u username/#uid] -s
sudo command

參數說明

  • -V 顯示版本編號
  • -h 會顯示版本編號及指令的使用方式說明
  • -l 顯示出自己(執(zhí)行 sudo 的使用者)的權限
  • -v 因為 sudo 在第一次執(zhí)行時或是在 N 分鐘內沒有執(zhí)行(N 預設為五)會問密碼,這個參數是重新做一次確認,如果超過 N 分鐘,也會問密碼
  • -k 將會強迫使用者在下一次執(zhí)行 sudo 時問密碼(不論有沒有超過 N 分鐘)
  • -b 將要執(zhí)行的指令放在背景執(zhí)行
  • -p prompt 可以更改問密碼的提示語,其中 %u 會代換為使用者的帳號名稱, %h 會顯示主機名稱
  • -u username/#uid 不加此參數,代表要以 root 的身份執(zhí)行指令,而加了此參數,可以以 username 的身份執(zhí)行指令(#uid 為該 username 的使用者號碼)
  • -s 執(zhí)行環(huán)境變數中的 SHELL 所指定的 shell ,或是 /etc/passwd 里所指定的 shell
  • -H 將環(huán)境變數中的 HOME (家目錄)指定為要變更身份的使用者家目錄(如不加 -u 參數就是系統管理者 root )
  • command 要以系統管理者身份(或以 -u 更改為其他人)執(zhí)行的指令

實例

sudo命令使用

$ sudo ls
[sudo] password for hnlinux: 
hnlinux is not in the sudoers file. This incident will be reported.

指定用戶執(zhí)行命令

# sudo -u userb ls -l

顯示sudo設置

$ sudo -L //顯示sudo設置
Available options in a sudoers ``Defaults'' line:

syslog: Syslog facility if syslog is being used for logging
syslog_goodpri: Syslog priority to use when user authenticates successfully
syslog_badpri: Syslog priority to use when user authenticates unsuccessfully
long_otp_prompt: Put OTP prompt on its own line
ignore_dot: Ignore '.' in $PATH
mail_always: Always send mail when sudo is run
mail_badpass: Send mail if user authentication fails
mail_no_user: Send mail if the user is not in sudoers
mail_no_host: Send mail if the user is not in sudoers for this host
mail_no_perms: Send mail if the user is not allowed to run a command
tty_tickets: Use a separate timestamp for each user/tty combo
lecture: Lecture user the first time they run sudo
lecture_file: File containing the sudo lecture
authenticate: Require users to authenticate by default
root_sudo: Root may run sudo
log_host: Log the hostname in the (non-syslog) log file
log_year: Log the year in the (non-syslog) log file
shell_noargs: If sudo is invoked with no arguments, start a shell
set_home: Set $HOME to the target user when starting a shell with -s
always_set_home: Always set $HOME to the target user's home directory
path_info: Allow some information gathering to give useful error messages
fqdn: Require fully-qualified hostnames in the sudoers file
insults: Insult the user when they enter an incorrect password
requiretty: Only allow the user to run sudo if they have a tty
env_editor: Visudo will honor the EDITOR environment variable
rootpw: Prompt for root's password, not the users's
runaspw: Prompt for the runas_default user's password, not the users's
targetpw: Prompt for the target user's password, not the users's
use_loginclass: Apply defaults in the target user's login class if there is one
set_logname: Set the LOGNAME and USER environment variables
stay_setuid: Only set the effective uid to the target user, not the real uid
preserve_groups: Don't initialize the group vector to that of the target user
loglinelen: Length at which to wrap log file lines (0 for no wrap)
timestamp_timeout: Authentication timestamp timeout
passwd_timeout: Password prompt timeout
passwd_tries: Number of tries to enter a password
umask: Umask to use or 0777 to use user's
logfile: Path to log file
mailerpath: Path to mail program
mailerflags: Flags for mail program
mailto: Address to send mail to
mailfrom: Address to send mail from
mailsub: Subject line for mail messages
badpass_message: Incorrect password message
timestampdir: Path to authentication timestamp dir
timestampowner: Owner of the authentication timestamp dir
exempt_group: Users in this group are exempt from password and PATH requirements
passprompt: Default password prompt
passprompt_override: If set, passprompt will override system prompt in all cases.
runas_default: Default user to run commands as
secure_path: Value to override user's $PATH with
editor: Path to the editor for use by visudo
listpw: When to require a password for 'list' pseudocommand
verifypw: When to require a password for 'verify' pseudocommand
noexec: Preload the dummy exec functions contained in 'noexec_file'
noexec_file: File containing dummy exec functions
ignore_local_sudoers: If LDAP directory is up, do we ignore local sudoers file
closefrom: File descriptors >= %d will be closed before executing a command
closefrom_override: If set, users may override the value of `closefrom' with the -C option
setenv: Allow users to set arbitrary environment variables
env_reset: Reset the environment to a default set of variables
env_check: Environment variables to check for sanity
env_delete: Environment variables to remove
env_keep: Environment variables to preserve
role: SELinux role to use in the new security context
type: SELinux type to use in the new security context
askpass: Path to the askpass helper program
env_file: Path to the sudo-specific environment file
sudoers_locale: Locale to use while parsing sudoers
visiblepw: Allow sudo to prompt for a password even if it would be visisble
pwfeedback: Provide visual feedback at the password prompt when there is user input
fast_glob: Use faster globbing that is less accurate but does not access the filesystem
umask_override: The umask specified in sudoers will override the user's, even if it is more permissive

以root權限執(zhí)行上一條命令

$ sudo !!

以特定用戶身份進行編輯文本

$ sudo -u uggc vi ~www/index.html
//以 uggc 用戶身份編輯  home 目錄下www目錄中的 index.html 文件

列出目前的權限

sudo -l

列出 sudo 的版本資訊

sudo -V

Linux 命令大全 Linux 命令大全