【原創】Linux基礎之sudo

sudo容許用戶以其餘用戶的身份（好比root）執行命令，好比切換用戶、執行命令、讀寫文件等；

配置

sudo配置在：/etc/sudoers

## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.
##
## Examples are provided at the bottom of the file for collections
## of related commands, which can then be delegated out to particular
## users or groups.
##
## This file must be edited with the 'visudo' command.
...
## Next comes the main part: which users can run what software on
## which machines (the sudoers file can be shared between multiple
## systems).
## Syntax:
##
## user MACHINE=COMMANDS
##
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
...
## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d

從這個配置文件能夠看到3點：

• 配置的格式（user MACHINE=COMMANDS）以及示例（在末尾附近），好比root的權限；
• /etc/sudoers.d/* 這個目錄下邊的文件也會被加載，這樣就能夠把不一樣類別的權限配置分開到不一樣的文件；
• 使用visudo編輯，使用vi或vim編輯也能夠，不過visudo在保存前會作檢查，若是配置有問題會報錯，直接保存錯誤的配置可能致使難以預料的後果，千萬不要嘗試；

Options are:
(e)dit sudoers file again
e(x)it without saving changes to sudoers file
(Q)uit and save changes to sudoers file (DANGER!)

What now?

經常使用場景

1 切換用戶

username ALL=(root) NOPASSWD: /bin/su - targetuser

容許username切換到targetuser

%groupname ALL=(root) NOPASSWD: /bin/su - targetuser

容許groupname裏邊的用戶切換到targetuser

2 執行命令

username ALL=(root) NOPASSWD: /usr/sbin/iptables

容許username執行iptables命令