1 基础部分
/etc/sudoers
"#"      用于注释
"\x"     转义字符
"\"      使用到物理行行尾则把下行的物理行连接成一个逻辑行
"*"      匹配零个或多个字符
"?"      匹配单个字符
"[...]"  匹配指定范围的字符
"[!...]" 匹配非指定范围的字符
Alias ::= 'User_Alias'  User_Alias (':' User_Alias)* |
          'Runas_Alias' Runas_Alias (':' Runas_Alias)* |
          'Host_Alias'  Host_Alias (':' Host_Alias)* |
          'Cmnd_Alias'  Cmnd_Alias (':' Cmnd_Alias)*
Alias_Type NAME = item1, item2, ...
Alias_Type NAME = item1, item3 : NAME = item4, item5
User_Alias  ::= NAME '=' User_List
Runas_Alias ::= NAME '=' Runas_List
Host_Alias  ::= NAME '=' Host_List
Cmnd_Alias  ::= NAME '=' Cmnd_List
NAME ::= [A-Z]([A-Z][0-9]_)*
## Networking
# A Cmnd_Alias bundles commands so a later user spec can grant them as one unit.
# Each entry here is a bare path with no argument pattern, so it matches the
# command with ANY arguments (e.g. every possible iptables invocation).
Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool
## User Aliases
# "%gp1" names a Unix group: every member of gp1 receives the same rights as
# user1 and user2, so group membership changes silently change sudo rights.
User_Alias NETWORKINGADMINS = user1, user2, %gp1
## Host Aliases
# Host names are matched against the machine sudo runs on; this is what lets
# a single sudoers file be shared between fs1 and fs2.
Host_Alias FILESERVERS = fs1, fs2
## Next comes the main part: which users can run what software on
## which machines (the sudoers file can be shared between multiple
## systems).
## Syntax:
##
##      user    MACHINE=COMMANDS
##
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
# user1 may mount and unmount /mnt/cdrom on host fs1 (no Runas_Spec, so the
# command runs as the default target user, root).
# The argument is part of the rule: only the exact argument "/mnt/cdrom"
# matches, so this rule cannot be used to mount arbitrary devices.
user1 fs1 = /sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
# Same mount/umount rule as for user1, but granted to every member of the
# Unix group gp1 on host fs1; the argument "/mnt/cdrom" is fixed here too.
%gp1 fs1 = /sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
# Stock rule: root may run any command, as any user, on any host.
root ALL=(ALL) ALL
# NOTE(review): this spec stops after the Runas part "(NETWORKADMINS)" with no
# command list, and NETWORKADMINS is not defined anywhere on this page (the
# alias defined above is NETWORKINGADMINS). Expect visudo's syntax check to
# reject the line as written; presumably the intended form is something like
# "NETWORKINGADMINS FILESERVERS = (ALL) NETWORKING" -- confirm against the original.
NETWORKINGADMINS FILESERVERS = (NETWORKADMINS)
# Every member of group wheel may run any command as any user with no password
# prompt -- including an interactive root shell via "sudo -i". This is
# equivalent to handing out root; keep wheel membership minimal and audited.
%wheel ALL=(ALL) NOPASSWD: ALL
# Narrower variant: still passwordless, but only for /sbin/route. No argument
# pattern is given, so any route arguments are accepted.
%wheel ALL=(ALL) NOPASSWD: /sbin/route
# Pulls in every file under /etc/sudoers.d so packages and admins can add rules
# without editing the main file. In an actual sudoers file the directive carries
# a leading '#' -- "#includedir /etc/sudoers.d" (newer sudo also accepts
# "@includedir"); the leading character was lost when this page was extracted.
# Files in that directory carry the same weight as the main file, so their
# permissions and contents need the same review.
includedir /etc/sudoers.d
sudo: sorry, you must have a tty to run sudo
# Commented out (leading '#'), so requiretty is NOT enforced. When it is on,
# sudo refuses to run without a terminal ("sorry, you must have a tty to run
# sudo"), which blocks sudo from cron jobs, ssh remote commands and other
# non-interactive contexts. Disabling it globally trades that protection for
# convenience; the per-user form further down is the narrower option.
#Defaults requiretty
# Per-user Defaults: requiretty stays in force for everyone else and is lifted
# only for user1. Prefer this over commenting out the global setting.
Defaults:user1 !requiretty
# Fixed PATH used for every command sudo runs, regardless of the caller's own
# PATH, so a user-writable directory placed early in PATH cannot shadow a
# system binary that a rule allows by bare name.
Defaults secure_path=/sbin:/bin:/usr/sbin:/usr/bin
# Pre-create sudo's dedicated log file. It records every sudo invocation
# (user, command, arguments), so keep it root-owned and not world-readable.
touch /var/log/sudo.log
# Always edit sudoers through visudo: it locks the file and syntax-checks it
# before saving, so a typo cannot lock every administrator out of sudo.
visudo
# Write sudo's own log to a dedicated file.
Defaults logfile=/var/log/sudo.log
# 0 = never wrap long entries, so each invocation stays on one grep-able line.
Defaults loglinelen=0
# Turn syslog output off entirely. NOTE(review): with this in place the rsyslog
# rule configured later on this page (local2.debug -> /var/log/sudo.log) gets
# nothing from sudo; the logfile line above is what actually writes the file.
# To route through rsyslog instead, drop "!syslog" and set "Defaults syslog=local2".
Defaults !syslog
# Edit the rsyslog configuration to add the rule shown next.
vim /etc/rsyslog.conf
# Route facility local2, priority debug and above, into /var/log/sudo.log.
# NOTE(review): sudo logs to facility authpriv by default on most Linux builds,
# and this page also sets "Defaults !syslog", so nothing reaches local2 unless
# sudoers is changed to "Defaults syslog=local2" and "!syslog" is removed.
# Confirm which sink (direct logfile or rsyslog) is actually intended.
local2.debug /var/log/sudo.log
# Reload rsyslog so the new rule takes effect.
service rsyslog restart
# Follow the sudo log to verify entries appear while testing the rules.
tail -f /var/log/sudo.log
# Shows why allowing ssh through sudo is as broad as ALL: ssh to the local host
# as root opens an unrestricted root shell, whatever else the rule limits.
sudo /usr/bin/ssh root@127.0.0.1
# Same issue with su: any rule that permits su (or a copy of it, as the later
# examples show) hands over a full root login shell.
# (Spaces were lost in extraction; assumed to read "su - root".)
sudo su - root
# Show the uid/gid of the service account used in the following rule examples.
id mail
uid=8(mail) gid=12(mail) groups=12(mail)
# Allow-all for the group, then a "!" exclusion of /bin/su for the user.
# The sudoers manual warns that exclusions are not reliable once ALL is granted:
# a copied or renamed su is a different path and is not matched by "!/bin/su",
# which the examples further down this page demonstrate.
# Prefer an explicit allow-list of the commands actually needed.
%mail ALL=(root) NOPASSWD: ALL
mail ALL=(root) NOPASSWD: !/bin/su
# Replacing ALL with globs over the system bin directories does not help: the
# globs still cover cp, mv and the shells, so the "!/bin/su" exclusion below
# remains bypassable by running a copy of su under another name.
%mail ALL=(root) NOPASSWD: /sbin/*, /bin/*, /usr/sbin/*, /usr/bin/*
mail ALL=(root) NOPASSWD: !/bin/su
# The weakness the preceding rules do not close: a copy of su lives at a
# different path, so "!/bin/su" never matches it and it runs as root.
# (Spaces reconstructed from the extraction; assumed "./assu - root".)
sudo cp /bin/su assu
sudo ./assu - root
# Attempt to forbid any /*/* command (cp, mv, ...) whose arguments name a file
# under the system bin directories, plus su itself. An argument pattern is
# matched against the argument string exactly as typed, so only that spelling
# of a path is excluded; whether the mv/cp examples that follow are blocked
# should be checked with "sudo -l" rather than assumed.
# This is still a deny-list layered on a glob allow; an allow-list of the
# specific commands needed is the robust form.
# NOTE(review): the "\" continuation and "!" placement are reconstructed from a
# space-stripped scrape -- verify against the original file.
%mail ALL=(root) NOPASSWD: /sbin/*, /usr/bin/*
mail ALL=(root) NOPASSWD: !/*/* /sbin/*, !/*/* /bin/*, !/*/* /usr/sbin/*, !/*/* /usr/bin/*, \
    !/bin/su
# Rename or copy su to another path, then run the copy. This exercises the deny
# rules above (the copy is no longer "/bin/su"); the page does not state the
# outcome, so confirm what the effective policy allows with "sudo -l".
# (Spaces reconstructed; "assu - root" assumed.)
sudo mv /bin/su /bin/assu
# or
sudo cp /bin/su /bin/assu
# then
sudo assu - root
# Tighter variant: only /sbin/* is allowed at all, and su, passwd invocations
# whose arguments contain "root", and /*/** commands touching /root are
# excluded. The "*root*" and "/root/*" patterns match the argument string as
# written, and the whole thing is still a deny-list on top of a glob allow;
# listing the few specific commands the mail account needs is safer.
# NOTE(review): "!/*/** /root/*" is reconstructed from a space-stripped scrape;
# confirm the intended pattern against the original.
%mail ALL=(root) NOPASSWD: /sbin/*, \
    !/bin/su, !/usr/bin/passwd *root*, !/*/** /root/*