Allow root to run any commands anywhere	允许某些用户在任何地方运行任何命令
Allows people in group wheel to run all commands	允许组中的人员运行所有命令
Same thing without a password	允许某些用户使用命令时无需密码
Allows members of the users group to mount and unmount the cdrom as root	允许用户组的成员作为root用户装载和卸载CDROM
Allows members of the users group to shutdown this system	允许用户组的成员关闭此系统

2.查看其他用户无权限时的情况

切换至其他用户下连创建目录的权限都没有，需要为其提权


[sulibao@sulibao ~]$ mkdir /aaa
mkdir: cannot create directory ‘/aaa’: Permission denied

3.为其他用户配置sudo权限并测试

（1）选择编辑/etc/sudoers或visudo其中一种方式修改，此处以vim /etc/sudoers作演示

[root@sulibao ~]# vim /etc/sudoers

（2）找到Allows people in group wheel to run all commands这一行在行后按图示格式编辑

进入vim后可以输入“:set nu”来设置行号方便查看，大概在第100行

编辑完成后使用“:wq！”强制保存退出

也是可以通过%组名来指定组内成员的sudo权限

（3）在其他用户方进行测试，输入用户密码后命令即生效

注意：如果用户是远程连接单独出来的新连接需要断开连接重连，也可以直接在root用户下使用“su - 用户名”登录上去


[sulibao@sulibao ~]$ mkdir /bbb
mkdir: cannot create directory ‘/bbb’: Permission denied
[sulibao@sulibao ~]$ sudo mkdir /bbb
[sudo] password for sulibao: 
[sulibao@sulibao ~]$ ll / | grep bbb
drwxr-xr-x    2 root root    6 Jan  9 19:06 bbb

二.配置文件使其他用户执行sudo命令时无需密码

1.深感输密码的麻烦，为其设置使用sudo无需密码

编辑配置文件/etc/sudoers，找到Same thing without a password这行(大概在110行)按图示编辑，同样强制保存退出

2.在其他用户方测试


[sulibao@sulibao ~]$ mkdir /qwe
mkdir: cannot create directory ‘/qwe’: Permission denied
[sulibao@sulibao ~]$ sudo mkdir /qwe           
[sulibao@sulibao ~]$               // 配置成功，不提示输入普通用户密码

三.sudo命令的常见参数

1.sudo -h

列出sudo命令的帮助信息


[sulibao@sulibao ~]$ sudo -h
sudo - execute a command as another user
 
usage: sudo -h | -K | -k | -V
usage: sudo -v [-AknS] [-g group] [-h host] [-p prompt] [-u user]
usage: sudo -l [-AknS] [-g group] [-h host] [-p prompt] [-U user] [-u user] [command]
usage: sudo [-AbEHknPS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p prompt] [-T timeout] [-u user] [VAR=value] [-i|-s] [<command>]
usage: sudo -e [-AknS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p prompt] [-T timeout] [-u user] file ...
 
Options:
  -A, --askpass                 use a helper program for password prompting
  -b, --background              run command in the background
  -C, --close-from=num          close all file descriptors >= num
  -E, --preserve-env            preserve user environment when running command
      --preserve-env=list       preserve specific environment variables
  -e, --edit                    edit files instead of running a command
  -g, --group=group             run command as the specified group name or ID
  -H, --set-home                set HOME variable to target user's home dir
  -h, --help                    display help message and exit
  -h, --host=host               run command on host (if supported by plugin)
  -i, --login                   run login shell as the target user; a command may also be specified
  -K, --remove-timestamp        remove timestamp file completely
  -k, --reset-timestamp         invalidate timestamp file
  -l, --list                    list user's privileges or check a specific command; use twice for longer format
  -n, --non-interactive         non-interactive mode, no prompts are used
  -P, --preserve-groups         preserve group vector instead of setting to target's
  -p, --prompt=prompt           use the specified password prompt
  -r, --role=role               create SELinux security context with specified role
  -S, --stdin                   read password from standard input
  -s, --shell                   run shell as the target user; a command may also be specified
  -t, --type=type               create SELinux security context with specified type
  -T, --command-timeout=timeout terminate command after the specified time limit
  -U, --other-user=user         in list mode, display privileges for user
  -u, --user=user               run command (or edit file) as specified user name or ID
  -V, --version                 display version information and exit
  -v, --validate                update user's timestamp without running a command
  --                            stop processing command line arguments
[sulibao@sulibao ~]$

2.sudo -l

列出当前用户可以利用sudo执行哪些命令


[sulibao@sulibao ~]$ sudo -l
[sudo] password for sulibao: 
Matching Defaults entries for sulibao on sulibao:
    !visiblepw, always_set_home, match_group_by_gid, always_query_group_plugin, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR
    USERNAME LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE",
    env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
 
User sulibao may run the following commands on sulibao:
    (ALL) ALL

3.sudo -u 用户名

以该用户的身份执行命令


[sulibao@sulibao ~]$ sudo -u root mkdir /asd
[sulibao@sulibao ~]$ ll / | grep asd
drwxr-xr-x    2 root root    6 Jan  9 22:28 asd

4.sudo -k

设置下次使用sudo时需要密码，即使已经在/etc/sudoers设置了无需密码，不过sudo -k的效果只生效一次


[sulibao@sulibao ~]$ sudo mkdir /qwer
[sulibao@sulibao ~]$ sudo -k
[sulibao@sulibao ~]$ sudo mkdir /ppp   //此时sudo -k后需要密码
[sudo] password for sulibao: 
[sulibao@sulibao ~]$ 
[sulibao@sulibao ~]$ sudo mkdir /ooo    
//生效一次后，使用sudo即继续按照配置文件/etc/sudoers内的配置执行
[sulibao@sulibao ~]$

5.sudo -b 命令

在后台运行命令

[sulibao@sulibao ~]$ sudo -b mkdir /ttt

其余参数请查看sudo -h的内容，需要什么用什么。

声明：本文内容由网友自发贡献，不代表【wpsshop博客】立场，版权归原作者所有，本站不承担相应法律责任。如您发现有侵权的内容，请联系我们。转载请注明出处：https://www.wpsshop.cn/w/我家自动化/article/detail/528133