1、软件安装
[root@jedy ~]# yum install sudo
2、修改配置文件
[root@jedy ~]# visudo \\更改配置文件
## user MACHINE=COMMANDS
##
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
tt localhost=(root) ALL \\增加用户tt使用sudo的权限,以root身份在本地主机上执行所有命令。
3、测试
[root@localhost ~]# su tt
[tt@localhost root]$ sudo ls
anaconda-ks.cfg Desktop Documents Downloads install.log install.log.syslog Music Pictures Public Templates Videos vmware-tools-distrib
[tt@localhost root]$ sudo pwd
/root
[tt@localhost root]$
[tt@localhost root]$ sudo ls -l
total 56
-rw-------. 1 root root 1243 Mar 18 11:10 anaconda-ks.cfg
drwxr-xr-x. 2 root root 4096 Mar 18 14:42 Desktop
drwxr-xr-x. 2 root root 4096 Mar 18 12:22 Documents
drwxr-xr-x. 2 root root 4096 Mar 18 12:22 Downloads
-rw-r--r--. 1 root root 8815 Mar 18 11:10 install.log
-rw-r--r--. 1 root root 3384 Mar 18 11:08 install.log.syslog
drwxr-xr-x. 2 root root 4096 Mar 18 12:22 Music
drwxr-xr-x. 2 root root 4096 Mar 18 12:22 Pictures
drwxr-xr-x. 2 root root 4096 Mar 18 12:22 Public
drwxr-xr-x. 2 root root 4096 Mar 18 12:22 Templates
drwxr-xr-x. 2 root root 4096 Mar 18 12:22 Videos
drwxr-xr-x. 7 root root 4096 Oct 18 09:26 vmware-tools-distrib
[tt@localhost root]$
4、关于linux内置命令的sudo使用
[tt@localhost root]$ sudo cd
sudo: cd: command not found \\由于cd 等命令是linux shell 内置命令,sudo无法调用,不过我们可以通过sudo bash来调用。具体方法如下
[tt@localhost root]$
[tt@localhost root]$ sudo sh \\以root身份开一个shell
sh-4.1# pwd
/root
sh-4.1# cd
sh-4.1# pwd
/root \\以root身份运行
sh-4.1# cd /
sh-4.1# pwd
/
sh-4.1# exit
exit
[tt@localhost root]$
5、sudo安全
由于通过 sudo 运行一个新的 shell 相当于交出了不受限制的 root 权限(在该 shell 内执行的后续命令不再逐条经过 sudoers 授权和记录,日志里只会看到一条 COMMAND=/bin/sh 或 /bin/bash),这样做并不安全,通常不建议。
[root@jedy ~]# visudo \\更改配置文件
## user MACHINE=COMMANDS
##
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
tt localhost=(root) ALL,!/*/*sh,!/*/cp /*/*sh \\增加用户tt使用sudo的权限,以root身份在本地主机上执行所有命令,但排除 sh、bash 等 shell,并禁止用 cp 把 shell 复制到其它位置。注意:sudoers(5) 手册明确说明,用 `!` 从 ALL 中"减去"命令的排除规则并不可靠,不能当作安全边界;生产环境应改为只列出允许执行的命令(白名单)。
[root@localhost ~]# su tt
[tt@localhost root]$ sudo sh
[sudo] password for tt:
Sorry, user tt is not allowed to execute '/bin/sh' as root on localhost.localdomain.
[tt@localhost root]$ sudo bash
[sudo] password for tt:
Sorry, user tt is not allowed to execute '/bin/bash' as root on localhost.localdomain.
[tt@localhost root]$ sudo ls -l
6、sudo 日志
[root@jedy ~]# vi /etc/rsyslog.conf \\增加如下内容。注意:这条 rsyslog 规则只有在 sudo 把日志发到 local2 设施时才会生效(sudo 通常默认使用 authpriv,可在 sudoers 中用 `Defaults syslog=local2` 指定);另外,下文 /var/log/sudo.log 中的行格式与 sudoers 用 `Defaults logfile=...` 直接写文件的格式一致,请按自己的实际配置核对日志来源。
# Save sudo messages also to sudo.log
local2.* /var/log/sudo.log
[root@jedy ~]# service rsyslog restart
Shutting down system logger: [ OK ]
Starting system logger: [ OK ]
[root@jedy ~]#
[root@jedy ~]# su tt
[tt@localhost root]$ sudo date
Wed Apr 2 14:16:56 CST 2014
[tt@localhost root]$ sudo ls -l
total 56
-rw-------. 1 root root 1243 Mar 18 11:10 anaconda-ks.cfg
drwxr-xr-x. 2 root root 4096 Mar 18 14:42 Desktop
drwxr-xr-x. 2 root root 4096 Mar 18 12:22 Documents
drwxr-xr-x. 2 root root 4096 Mar 18 12:22 Downloads
-rw-r--r--. 1 root root 8815 Mar 18 11:10 install.log
-rw-r--r--. 1 root root 3384 Mar 18 11:08 install.log.syslog
drwxr-xr-x. 2 root root 4096 Mar 18 12:22 Music
drwxr-xr-x. 2 root root 4096 Mar 18 12:22 Pictures
drwxr-xr-x. 2 root root 4096 Mar 18 12:22 Public
drwxr-xr-x. 2 root root 4096 Mar 18 12:22 Templates
drwxr-xr-x. 2 root root 4096 Mar 18 12:22 Videos
drwxr-xr-x. 7 root root 4096 Oct 18 09:26 vmware-tools-distrib
[tt@localhost root]$ sudo pwd
/root
[tt@localhost root]$ sudo tail -f /var/log/sudo.log
Apr 2 14:12:23 : tt : command not allowed ; TTY=pts/0 ; PWD=/root ; USER=root ;
COMMAND=/bin/sh
Apr 2 14:12:30 : tt : command not allowed ; TTY=pts/0 ; PWD=/root ; USER=root ;
COMMAND=/bin/bash
Apr 2 14:12:58 : tt : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/bash
Apr 2 14:16:56 : tt : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/date
Apr 2 14:17:01 : tt : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/ls -l
Apr 2 14:17:06 : tt : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/pwd
Apr 2 14:17:21 : tt : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/tail
[tt@localhost root]$ exit
exit
[root@jedy ~]#