Tutorials to .com

Tutorials to .com » Os » Ubuntu » Ubuntu use sudo command for the allocation of management authority

Ubuntu use sudo command for the allocation of management authority

Print View , by: iSee ,Total views: 4 ,Word Count: 1516 ,Date: Mon, 1 Jun 2009 Time: 8:05 PM

【Introduction】 This article describes how to use sudo command for the ubuntu distribution of administrative privileges.

Ubuntu features a distinctive, that is, the initial use, you can not login as root to the system, why is this so? This system is installed from the start. For other Linux systems, the general settings in the installation process on the root password, so the user will be able to use it to log on or use of root account su command to switch to super user. In contrast, Ubuntu default installation, no user settings to the root password, no root account enabled. The problem is as the root user to run the command how to do? It does not matter, we can use the sudo command to achieve this purpose.

sudo is used under linux that allows ordinary users to use the super-user access tools, the order provides administrators with a fine-grained access control methods, through which people can be as super-user and can be used as other types of users to access system. The advantage of doing so, the administrator can not tell the user root password under the premise of granting them certain types of super-user permissions, which is held by many system administrators have been dreaming of.

Default configuration 1.sudo

When the default, Ubuntu is sudo provides a basic configuration, the configuration stored in / etc directory of the sudoers file. Changes to the configuration file, be sure to use the visudo tool to edit, because the tool will automatically configure strict syntax check, if we find error, in the preservation of withdrawal when given a warning and prompts you to configure which paragraph wrong, so as to ensure the correctness of the configuration file. In contrast, if you are using a text editor program other words, once the error, the system will have serious consequences. Ubuntu is given below is the default / etc / sudoers file content: # User privilege specificationroot ALL = (ALL) ALL # Members of the admin group may gain root privileges% admin ALL = (ALL) ALL

The above configuration to do the following brief description:

The role of the first configuration, is to allow root user to use sudo command system into any other type of user. The second configuration, the Management Group to all members of the Executive in his capacity as the root of all orders. Therefore, in the default Ubuntu system installed, as root in order to implement the order status, so long as in the back to keep up with the sudo command you want to implement. Below to illustrate with an example, if you want to run apt-get update, then, should be in the command line, type the following: $ sudo apt-get update

2. Detailed configuration file syntax

Next, we use an example to explain in detail the / etc / sudoers configuration file syntax, see the following example: jorge ALL = (root) / usr / bin / find, / bin / rm

Above the first column of the application of the provisions of its object: the user or group, on this case, it is the user jorge. In addition, because the system and the user can duplicate names in order to specify the application of the rule is not a user group, the group must use the name of the object at the beginning of percent%.

The second column of the application of the rules of the designated host. When we deploy systems in a number of sudo environment, particularly useful in this column, here on behalf of all the host of ALL. However, for desktop systems or do not want to sudo deployed to a number of systems, this column into the corresponding host name.

The third column on the value in brackets, noting that the provisions of the first column in which the identity of users to execute commands. In this case the value is set to root, which means that users can jorge in his capacity as the root user to run commands listed in the back. This value can also be set to a wildcard ALL, jorge, as the system can be any user to execute the order listed.

The last column (that is, / usr / bin / find, / bin / rm) is to use a comma to separate orders, such orders can be provided for the first column to the third column that the user identity to run them. This case, the configuration allows jorge run as super-user / usr / bin / find and / bin / rm these two orders. It should be noted that the order listed here have to use an absolute path.

The use of command 3.sudo

The question now is how to make use of user jorge allocated to his power? In fact very simple, as long as the command line mode command with sudo to run the program he wanted to be able to, such as: jorge @ ubuntu: ~ $ sudo find.!-Name '*. avi'-exec rm-f \ ( \) \;

Jorge attempt if the implementation of / etc / sudoers documents outside the program (such as find or rm), then, sudo command will be ended in failure, and gives a warning message, that he has no right to super-user to run these commands.

To a non-root user to run the command, you must use the-u option to specify the user you want as; Otherwise, sudo will be the default for the root user, for example, to fred capacity to implement the command ls, it should be this: $ sudo-u fred ls / home / fred

Just as you see, we can use these rules for the system to create a specific role. For example, let a group responsible for account management, on the one hand, you do not want to let these users have full root access, on the other hand, have to let them have increased and the right to delete users, we can create a system known as accounts group, and then add those users to this group. After using visudo to / etc / sudoers to add the following:% accounts ALL = (root) / usr / sbin / useradd, / usr / sbin / userdel, / usr / sbin / usermod

Well now, accounts of any member of the group to run useradd, userdel and usermod commands. If after some time, you also need to find the role of other tools, as long as the tail of the table to add on the list. This is very convenient!

It should be noted that, when we can run as user-defined order, it is important to use the full path of the command. This is completely out of security considerations, if we are given an order userad rather than simply / usr / sbin / useradd, then the user may create a script of his own, also known as userad, and then on its local path, so he called through the local useradd script as root to execute any command he wants the. This is very dangerous!

sudo command another convenient feature is that it can be pointed out that the order in its implementation which does not require a password. This is very useful, especially in the non-interactive script to super-user's identity to run when certain commands. For example, you want to allow users to as super-user do not have to enter a password will be able to kill the implementation of orders, so that users can immediately kill a process out of control. To this end, in the command-line front with NOPASSWD: Properties can be. For example, in the / etc / sudoers file to add the following line, so that this power jorge access: jorge ALL = (root) NOPASSWD: / bin / kill, / usr / bin / killall

As a result, jorge will be able to run the following command as root user to kill out-of-control process of the rm. jorge @ ubuntu: ~ $ sudo killall rm

6. How do I enable root account

Introduced above, we found that using sudo is indeed very good, but if you have long used to work in the root, I would like to savor the feeling of the past how to do? Very simple, as long as a root for the root password set up on the list: $ sudo passwd root

Well, now you can log in directly as the root.


Ubuntu Articles


Can't Find What You're Looking For?


Rating: Not yet rated

Comments

No comments posted.