11月23日 sudo命令
[[email protected] Desktop]# cd ~
[[email protected] ~]# visudo (sudo許可權修改)
Visudo (按a,i,o進入編輯模式)
(:set nu編號,找到第99行左右)
[[email protected] Desktop]# whereis cat 通過whereis 找到cat命令的路徑
Cat:/usr/bin/cat/usr/share/man/man1/cat.1.gz/usr/share/man/man1p/cat.1p.gz
[[email protected] Desktop]# whereis ls尋找命令路徑
ls:/usr/bin/ls/usr/share/man/man1/ls.1.gz/usr/share/man/man1p/ls.1p.gz
97 ## Allow root to run any commands anywhere
98 root ALL=(ALL) ALL(能執行所有的命令)
99 lisi李四使用者擁有ALL所有地點=(ALL)最高許可權訪問
/usr/bin/cat,/usr/bin/ls 使用ls及cat命令許可權(注意必須是全命令格式)
esc 進入命令模式, :wq! 強制儲存並推出.
[[email protected] ~]# su – lisi 變更到使用者李四
[[email protected] ~]$ cat /etc/shadow 檢視shadow的內容
cat: /etc/shadow: Permission denied 不讓檢視
[[email protected] ~]$ sudo cat /etc/shadow 由於設定過visudo 李四的cat
許可權,所以使用sudo cat /etc/shadow 命令,輸入密碼就可以查看了
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for lisi: 輸入李四密碼
root:$6$LUHZo5fyQvu7wIIT$THPpSKpmp1ojH7gPmXdc1ZOiwuz3TMa1Zj8t7HT2VlFoGAo4di3O1aBiSXTs/e0aO9YnxV1n9NhpCmpegkBQs0:17847:0:99999:7::(sudo命令授權李四可以檢視、shadow文件的內容):
bin:*:16141:0:99999:7:::
daemon:*:16141:0:99999:7:::
adm:*:16141:0:99999:7:::
lp:*:16141:0:99999:7:::
sync:*:16141:0:99999:7:::
shutdown:*:16141:0:99999:7:::
halt:*:16141:0:99999:7:::
mail:*:16141:0:99999:7:::
operator:*:16141:0:99999:7:::
games:*:16141:0:99999:7:::
ftp:*:16141:0:99999:7:::
nobody:*:16141:0:99999:7:::
dbus:!!:17847::::::
polkitd:!!:17847::::::
unbound:!!:17847::::::
colord:!!:17847::::::
usbmuxd:!!:17847::::::
avahi:!!:17847::::::
avahi-autoipd:!!:17847::::::
libstoragemgmt:!!:17847::::::
saslauth:!!:17847::::::
qemu:!!:17847::::::
rpc:!!:17847:0:99999:7:::