linux的sudo命令詳解

　　linux下的sudo命令以系統管理者的身份執行指令，下面由學習啦小編為大家搜集整理了linux的sudo命令詳解的相關知識，希望對大家有幫助!

　　linux的sudo命令詳解

　　Linux sudo命令以系統管理者的身份執行指令，也就是說，經由 sudo 所執行的指令就好像是 root 親自執行。

　　使用權限：在 /etc/sudoers 中有出現的使用者。

　　語法

　　sudo -V

　　sudo -h

　　sudo -l

　　sudo -v

　　sudo -k

　　sudo -s

　　sudo -H

　　sudo [ -b ] [ -p prompt ] [ -u username/#uid] -s

　　sudo command

　　參數說明：

　　-V 顯示版本編號

　　-h 會顯示版本編號及指令的使用方式說明

　　-l 顯示出自己(執行 sudo 的使用者)的權限

　　-v 因為 sudo 在第一次執行時或是在 N 分鐘內沒有執行(N 預設為五)會問密碼，這個參數是重新做一次確認，如果超過 N 分鐘，也會問密碼

　　-k 將會強迫使用者在下一次執行 sudo 時問密碼(不論有沒有超過 N 分鐘)

　　-b 將要執行的指令放在背景執行

　　-p prompt 可以更改問密碼的提示語，其中 %u 會代換為使用者的帳號名稱， %h 會顯示主機名稱

　　-u username/#uid 不加此參數，代表要以 root 的身份執行指令，而加了此參數，可以以 username 的身份執行指令(#uid 為該 username 的使用者號碼)

　　-s 執行環境變數中的 SHELL 所指定的 shell ，或是 /etc/passwd 里所指定的 shell

　　-H 將環境變數中的 HOME (家目錄)指定為要變更身份的使用者家目錄(如不加 -u 參數就是系統管理者 root )

　　command 要以系統管理者身份(或以 -u 更改為其他人)執行的指令

　　linux的sudo命令實例

　　sudo命令使用

　　$ sudo ls

　　[sudo] password for hnlinux:

　　hnlinux is not in the sudoers file. This incident will be reported.

　　指定用戶執行命令

　　# sudo -u userb ls -l

　　顯示sudo設置

　　$ sudo -L //顯示sudo設置

　　Available options in a sudoers ``Defaults'' line:

　　syslog: Syslog facility if syslog is being used for logging

　　syslog_goodpri: Syslog priority to use when user authenticates successfully

　　syslog_badpri: Syslog priority to use when user authenticates unsuccessfully

　　long_otp_prompt: Put OTP prompt on its own line

　　ignore_dot: Ignore '.' in $PATH

　　mail_always: Always send mail when sudo is run

　　mail_badpass: Send mail if user authentication fails

　　mail_no_user: Send mail if the user is not in sudoers

　　mail_no_host: Send mail if the user is not in sudoers for this host

　　mail_no_perms: Send mail if the user is not allowed to run a command

　　tty_tickets: Use a separate timestamp for each user/tty combo

　　lecture: Lecture user the first time they run sudo

　　lecture_file: File containing the sudo lecture

　　authenticate: Require users to authenticate by default

　　root_sudo: Root may run sudo

　　log_host: Log the hostname in the (non-syslog) log file

　　log_year: Log the year in the (non-syslog) log file

　　shell_noargs: If sudo is invoked with no arguments, start a shell

　　set_home: Set $HOME to the target user when starting a shell with -s

　　always_set_home: Always set $HOME to the target user's home directory

　　path_info: Allow some information gathering to give useful error messages

　　fqdn: Require fully-qualified hostnames in the sudoers file

　　insults: Insult the user when they enter an incorrect password

　　requiretty: Only allow the user to run sudo if they have a tty

　　env_editor: Visudo will honor the EDITOR environment variable

　　rootpw: Prompt for root's password, not the users's

　　runaspw: Prompt for the runas_default user's password, not the users's

　　targetpw: Prompt for the target user's password, not the users's

　　use_loginclass: Apply defaults in the target user's login class if there is one

　　set_logname: Set the LOGNAME and USER environment variables

　　stay_setuid: Only set the effective uid to the target user, not the real uid

　　preserve_groups: Don't initialize the group vector to that of the target user

　　loglinelen: Length at which to wrap log file lines (0 for no wrap)

　　timestamp_timeout: Authentication timestamp timeout

　　passwd_timeout: Password prompt timeout

　　passwd_tries: Number of tries to enter a password

　　umask: Umask to use or 0777 to use user's

　　logfile: Path to log file

　　mailerpath: Path to mail program

　　mailerflags: Flags for mail program

　　mailto: Address to send mail to

　　mailfrom: Address to send mail from

　　mailsub: Subject line for mail messages

　　badpass_message: Incorrect password message

　　timestampdir: Path to authentication timestamp dir

　　timestampowner: Owner of the authentication timestamp dir

　　exempt_group: Users in this group are exempt from password and PATH requirements

　　passprompt: Default password prompt

　　passprompt_override: If set, passprompt will override system prompt in all cases.

　　runas_default: Default user to run commands as

　　secure_path: Value to override user's $PATH with

　　editor: Path to the editor for use by visudo

　　listpw: When to require a password for 'list' pseudocommand

　　verifypw: When to require a password for 'verify' pseudocommand

　　noexec: Preload the dummy exec functions contained in 'noexec_file'

　　noexec_file: File containing dummy exec functions

　　ignore_local_sudoers: If LDAP directory is up, do we ignore local sudoers file

　　closefrom: File descriptors >= %d will be closed before executing a command

　　closefrom_override: If set, users may override the value of `closefrom' with the -C option

　　setenv: Allow users to set arbitrary environment variables

　　env_reset: Reset the environment to a default set of variables

　　env_check: Environment variables to check for sanity

　　env_delete: Environment variables to remove

　　env_keep: Environment variables to preserve

　　role: SELinux role to use in the new security context

　　type: SELinux type to use in the new security context

　　askpass: Path to the askpass helper program

　　env_file: Path to the sudo-specific environment file

　　sudoers_locale: Locale to use while parsing sudoers

　　visiblepw: Allow sudo to prompt for a password even if it would be visisble

　　pwfeedback: Provide visual feedback at the password prompt when there is user input

　　fast_glob: Use faster globbing that is less accurate but does not access the filesystem

　　umask_override: The umask specified in sudoers will override the user's, even if it is more permissive

　　以root權限執行上一條命令

　　$ sudo !!

　　以特定用戶身份進行編輯文本

　　$ sudo -u uggc vi ~www/index.html

　　//以 uggc 用戶身份編輯 home 目錄下www目錄中的 index.html 文件

　　列出目前的權限

　　sudo -l

　　列出 sudo 的版本資訊

　　sudo -V