非常教程

Linux参考手册

Linux sudo命令

Linux sudo命令

Linux sudo命令

Linux sudo命令

Linux 命令大全

Linux sudo命令以系统管理者的身份执行指令,也就是说,经由 sudo 所执行的指令就好像是 root 亲自执行。

使用权限:在 /etc/sudoers 中有出现的使用者。

语法

sudo -V
sudo -h
sudo -l
sudo -v
sudo -k
sudo -s
sudo -H
sudo [ -b ] [ -p prompt ] [ -u username/#uid] -s
sudo command

参数说明

  • -V 显示版本编号
  • -h 会显示版本编号及指令的使用方式说明
  • -l 显示出自己(执行 sudo 的使用者)的权限
  • -v 因为 sudo 在第一次执行时或是在 N 分钟内没有执行(N 预设为五)会问密码,这个参数是重新做一次确认,如果超过 N 分钟,也会问密码
  • -k 将会强迫使用者在下一次执行 sudo 时问密码(不论有没有超过 N 分钟)
  • -b 将要执行的指令放在背景执行
  • -p prompt 可以更改问密码的提示语,其中 %u 会代换为使用者的帐号名称, %h 会显示主机名称
  • -u username/#uid 不加此参数,代表要以 root 的身份执行指令,而加了此参数,可以以 username 的身份执行指令(#uid 为该 username 的使用者号码)
  • -s 执行环境变数中的 SHELL 所指定的 shell ,或是 /etc/passwd 里所指定的 shell
  • -H 将环境变数中的 HOME (家目录)指定为要变更身份的使用者家目录(如不加 -u 参数就是系统管理者 root )
  • command 要以系统管理者身份(或以 -u 更改为其他人)执行的指令

实例

sudo命令使用

$ sudo ls
[sudo] password for hnlinux: 
hnlinux is not in the sudoers file. This incident will be reported.

指定用户执行命令

# sudo -u userb ls -l

显示sudo设置

$ sudo -L //显示sudo设置
Available options in a sudoers ``Defaults'' line:

syslog: Syslog facility if syslog is being used for logging
syslog_goodpri: Syslog priority to use when user authenticates successfully
syslog_badpri: Syslog priority to use when user authenticates unsuccessfully
long_otp_prompt: Put OTP prompt on its own line
ignore_dot: Ignore '.' in $PATH
mail_always: Always send mail when sudo is run
mail_badpass: Send mail if user authentication fails
mail_no_user: Send mail if the user is not in sudoers
mail_no_host: Send mail if the user is not in sudoers for this host
mail_no_perms: Send mail if the user is not allowed to run a command
tty_tickets: Use a separate timestamp for each user/tty combo
lecture: Lecture user the first time they run sudo
lecture_file: File containing the sudo lecture
authenticate: Require users to authenticate by default
root_sudo: Root may run sudo
log_host: Log the hostname in the (non-syslog) log file
log_year: Log the year in the (non-syslog) log file
shell_noargs: If sudo is invoked with no arguments, start a shell
set_home: Set $HOME to the target user when starting a shell with -s
always_set_home: Always set $HOME to the target user's home directory
path_info: Allow some information gathering to give useful error messages
fqdn: Require fully-qualified hostnames in the sudoers file
insults: Insult the user when they enter an incorrect password
requiretty: Only allow the user to run sudo if they have a tty
env_editor: Visudo will honor the EDITOR environment variable
rootpw: Prompt for root's password, not the users's
runaspw: Prompt for the runas_default user's password, not the users's
targetpw: Prompt for the target user's password, not the users's
use_loginclass: Apply defaults in the target user's login class if there is one
set_logname: Set the LOGNAME and USER environment variables
stay_setuid: Only set the effective uid to the target user, not the real uid
preserve_groups: Don't initialize the group vector to that of the target user
loglinelen: Length at which to wrap log file lines (0 for no wrap)
timestamp_timeout: Authentication timestamp timeout
passwd_timeout: Password prompt timeout
passwd_tries: Number of tries to enter a password
umask: Umask to use or 0777 to use user's
logfile: Path to log file
mailerpath: Path to mail program
mailerflags: Flags for mail program
mailto: Address to send mail to
mailfrom: Address to send mail from
mailsub: Subject line for mail messages
badpass_message: Incorrect password message
timestampdir: Path to authentication timestamp dir
timestampowner: Owner of the authentication timestamp dir
exempt_group: Users in this group are exempt from password and PATH requirements
passprompt: Default password prompt
passprompt_override: If set, passprompt will override system prompt in all cases.
runas_default: Default user to run commands as
secure_path: Value to override user's $PATH with
editor: Path to the editor for use by visudo
listpw: When to require a password for 'list' pseudocommand
verifypw: When to require a password for 'verify' pseudocommand
noexec: Preload the dummy exec functions contained in 'noexec_file'
noexec_file: File containing dummy exec functions
ignore_local_sudoers: If LDAP directory is up, do we ignore local sudoers file
closefrom: File descriptors >= %d will be closed before executing a command
closefrom_override: If set, users may override the value of `closefrom' with the -C option
setenv: Allow users to set arbitrary environment variables
env_reset: Reset the environment to a default set of variables
env_check: Environment variables to check for sanity
env_delete: Environment variables to remove
env_keep: Environment variables to preserve
role: SELinux role to use in the new security context
type: SELinux type to use in the new security context
askpass: Path to the askpass helper program
env_file: Path to the sudo-specific environment file
sudoers_locale: Locale to use while parsing sudoers
visiblepw: Allow sudo to prompt for a password even if it would be visisble
pwfeedback: Provide visual feedback at the password prompt when there is user input
fast_glob: Use faster globbing that is less accurate but does not access the filesystem
umask_override: The umask specified in sudoers will override the user's, even if it is more permissive

以root权限执行上一条命令

$ sudo !!

以特定用户身份进行编辑文本

$ sudo -u uggc vi ~www/index.html
//以 uggc 用户身份编辑  home 目录下www目录中的 index.html 文件

列出目前的权限

sudo -l

列出 sudo 的版本资讯

sudo -V

Linux sudo命令

Linux 命令大全

Linux sudo命令

Linux目录

1.Linux 用户和用户组管理
2.Linux 文件与目录管理
3.Linux 磁盘管理
4.Shell 变量
5.Shell 教程
6.linux yum 命令
7.Shell 函数
8.Shell 流程控制
9.Shell test 命令
10.Shell echo命令
11.Linux cksum命令
12.Linux chown命令
13.Linux chmod命令
14.Linux chgrp命令
15.Linux chattr命令
16.Linux cat命令
17.Linux cut命令
18.Linux indent命令
19.Linux gitview命令
20.Linux git命令
21.Linux find命令
22.Linux file命令
23.Linux diffstat命令
24.Linux 命令大全
25.Linux diff命令
26.Linux cmp命令
27.Linux more命令
28.Linux mktemp命令
29.Linux mdir命令
30.Linux mdel命令
31.Linux mc命令
32.Linux mattrib命令
33.Linux lsattr命令
34.Linux locate命令
35.Linux less命令
36.Linux ln命令
37.Linux rcp命令
38.Linux patch命令
39.Linux paste命令
40.Linux od命令
41.Linux mv 命令
42.Linux mtoolstest命令
43.Linux mtools命令
44.Linux mren命令
45.Linux mread命令
46.Linux mmove命令
47.Linux mcopy命令
48.Linux cp命令
49.Linux which命令
50.Linux umask命令
51.Linux touch命令
52.Linux tmpwatch命令
53.Linux tee命令
54.Linux split命令
55.Linux slocate命令
56.Linux rm命令
57.Linux ex命令
58.Linux egrep命令
59.Linux ed命令
60.Linux csplit命令
61.Linux comm命令
62.Linux colrm命令
63.Linux col命令
64.Linux whereis命令
65.Linux rhmask命令
66.Linux mshowfat命令
67.Linux mtype命令
68.Linux look命令
69.Linux join命令
70.Linux joe命令
71.Linux jed命令
72.Linux ispell命令
73.Linux grep 命令
74.Linux fold命令
75.Linux fmt命令
76.Linux fgrep命令
77.Linux lprm命令
78.Linux wc命令
79.Linux uniq 命令
80.Linux expr命令
81.Linux tr命令
82.Linux spell命令
83.Linux sort命令
84.Linux sed 命令
85.Linux rgrep命令
86.Linux pico命令
87.Linux uucp命令
88.Linux uupick命令
89.Linux uuto命令
90.Linux tftp命令
91.Linux ncftp命令
92.Linux ftp命令
93.Linux bye命令
94.Linux lpd命令
95.Linux lpq命令
96.Linux lpr命令
97.Linux mlabel命令
98.Linux edquota命令
99.Linux du命令
100.Linux dirs命令