怎样使用户拥有sudo的权限:Add User to “sudoers” File(转)
Add User to “sudoers” File
To give a user the ability to use the “sudo” command you must add them to the “sudoers” file. Here’s how.
Thanks to ubuntucat (see comment below) for the following suggestion! The easiest way to allow a user to sudo is to simply run the following command from the Terminal:
To open the Terminal:
Applications >> Accessories >> Terminal
Once the Terminal is open type:
sudo adduser username admin
This must be done from an account that already has sudo abilities or else from the root account.
If for some reason you have to manually edit the “sudoers” file keep reading!
Open the file “sudoers” located at /etc/sudoers using your favorite text editor. You must have root permissions to be able to edit this file so you will want to open your editor from the command line.
To use gedit you would do the following:
Open the Terminal and type:
sudo gedit /etc/sudoers
If you want to use vim you can simply enter the following into the Terminal:
sudo visudo
Once you have the sudoers file open, scroll down to the line:
root ALL = (ALL) ALL
Add the folling line below the root line (replacing “user” with the name of the account you wish to give sudo access to)
user ALL = (ALL) ALL
Save and close the file. The new user has now been added to the “sudoers” file and can use the “sudo” command.
另一篇:
Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done.
Debian’s sudo package has the password timeout set to 15 minutes. This means that when you first enter your password, as long as you don’t wait more than 15 minutes between sudo commands, you won’t have to enter it again. The password timeout can be immediately expired with sudo -k.
Debian’s sudo is compiled with
--with-exempt=sudo
--with-secure-path=”/usr/local/sbin:/usr/local/bin:/usr/sbin:
As a consequence, the PATH of the user is ignored except if the user is in group sudo.
Installing SUDO in Debian
# apt-get install sudo
This will complete the installation of sudo.
SUDO Configuration file is /etc/sudoers
Default sudoers file looks like below
# /etc/sudoers
#
# This file MUST be edited with the ‘visudo’ command as root.
#
# See the man page for details on how to write a sudoers file.
#
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL) ALL
Only last line is valid now this means that the root user can run any command.
If you want to give perticular user to run any command use the following line in /etc/sudoers file
#vi /etc/sudoers
add the following line
user ALL=(ALL) ALL
here user means username
To run one command as root
sudo command
For more commands, run your shell with sudo.
sudo sh (if sh is your shell.)
Be careful when you are root. When you are done, type exit
SUDO Configuration examples
# User alias specification
User_Alias ADMINS = user1, user2, user3
User_Alias WEBMASTERS = user4, user5, user6
# command alias specification
Cmnd_Alias APACHE = /usr/local/sbin/kickapache
Cmnd_Alias TAIL = /usr/bin/tail
Cmnd_Alias SHUTDOWN = /sbin/shutdown
Cmnd_Alias APT = /usr/bin/apt-get, /usr/bin/dpkg
# privileges
ROOT ALL = (ALL) ALL
WEBMASTERS ALL = PASSWD : APACHE, TAIL
admin ALL = NOPASSWD : /etc/init.d/apache
Running Commands Using SUDO
To get a file listing of an unreadable directory
$sudo ls /usr/local/protected
To list the home directory of user test on a machine where the file system holding ~test is not exported as root
$sudo -u test ls ~test
To edit the index.html file as user www:data
$sudo -u www:data vi ~www/htdocs/index.html
To shutdown a machine:
$sudo shutdown -r +15 “quick reboot”
To make a usage listing of the directories in the /home partition. Note that this runs the commands in a sub-shell to
make the cd and file redi-rection work.
$sudo sh -c “cd /home ; du -s * | sort -rn > USAGE”
If you want more options about sudo check sudo man page
Using Rootsh with SUDO
One more nice tool to use with sudo is rootsh
Download and install rootsh
Rootsh is a wrapper for shells which logs all echoed keystrokes and terminal output to a file and/or to syslog. It’s main purpose is the auditing of users who need a shell with root privileges. They start rootsh through the sudo mechanism.
Start a shell with logging of input/output. Rootsh must be started via sudo if you want to become root. It does not raise your privileges on it’s own. You can run rootsh as a standalone application if you only want to log your own user’s session. If you call rootsh with additional commands, these will be passed to the shell.
You can create an entry in /etc/sudoers file
trusted_user host_or_ALL = /bin/rootsh
Rootsh Syntax
rootsh [OPTION]… [--] [COMMANDS]
$sudo rootsh
User should see himself in a root shell, as if he typed “su -” or “sudo -s”.
Main advantage of this is, everything user types will be sent to syslog. So if he tries to access some secure files from the server you can catch him using the logfiles from your syslog server.
Rootsh Usage Examples
$sudo rootsh
Start a logged root shell
$sudo rootsh -u oracle
Start a logged shell in the context of user oracle.
$rootsh -f mysession.log --no-syslog
Start a new shell for your user id, write protocol into mysession.log, do not send anything to syslog. This is
identical to “script -f mysession.log”
$sudo rootsh -i -u oracle lsnrctl stop
Run command “lsnrctl stop” as user oracle. (this will call sh -c “lsnrctl stop”)
$sudo rootsh -i -u oracle -- ls -l
Run command “ls -l” as user oracle. (this will call sh -c “ls -l”)
更多推荐
所有评论(0)