The sudo command is used
Nginx is not an Http file server. It is not an Http file server.
1. The sudo is introduced
Sudo is a Tool that allows a system administrator to let regular users execute some or all root commands, such as halt, reboot, su, and so on. This not only reduces login and administration time for the root user, but also improves security.
Principle 2.
Before sudo was written around 1980, the usual way to manage a user system was to su over to a superuser. But one of the drawbacks of su is that you have to tell the superuser the password first. Sudo allows regular users to gain access without knowing the password of the superuser. First, the superuser registers the name of an ordinary user, the specific commands that can be executed, and the identity of which user or user group to execute the commands, etc., in a special file (usually /etc/sudoers), that is, the superuser completes the authorization of the user (at this time, the user is called “sudoer”). When an ordinary user needs to obtain special privileges, he/she can add “sudo” before the command. At this time, sudo will ask the user for his/her password (to confirm that the user is in front of the terminal). After the answer, the system will run the process of the command as the superuser. After that, you do not need to enter your password again to use sudo for a period of time (the default is 5 minutes and can be customized in /etc/sudoers).
Because the superuser’s password is not required, some Unix systems even use sudo to replace the superuser as the administrative account, such as Ubuntu and Mac OS X.
3. The installation
Check if sudo is installed:
[root@localhost ~]# RPM -q sudo sudo-1.8.19p2-13.el7.x86_64 if it is not installed, download the package and install it
4. Configuration
Edit configuration file command :visudo,
Does note: When editing sudo configuration file /etc/sudoers, do not directly use vi (vi /etc/sudoers) to edit, because sudoers configuration has certain syntax, directly use vi editing and saving the system will not check the syntax, if there is a mistake also saved may cause the use of sudo tool. It is best to configure using the visudo command. Although Visudo also calls vi to edit, it will check the syntax when saving and will prompt if there are errors. Default configuration file location :/etc/sudoers
Sudo [-vhl LvkKsHPSb] │ [-p prompt] [-c class│-] [-a auth_type] [-u username│#uid] command
parameter
sample
- Sudo -l lists the current permissions
If the user is not in sudoers, a message will be displayed indicating that the sudo command cannot be run. If the user is in sudoers, detailed permissions will be displayed.
-
Sudo-v lists the version of sudo
-
#testuser has all sudo permissions. You need to enter the password of testuser
testuser ALL=(ALL) ALL
- Testuser Has all sudo permissions and is equivalent to root. The password of testuser is not required
testuser ALL=(ALL) NOPASSWD:ALL
- Testuser with specific sudo permissions, / usr/sbin/iptables, / usr/sbin/useradd need password
testuser ALL=(ALL) /usr/sbin/iptables,/usr/sbin/useradd
- Testuser with specific sudo permissions, / usr/sbin/iptables, / usr/sbin/useradd don’t need a password
testuser ALL=(ALL) NOPASSWD:/usr/sbin/iptables,/usr/sbin/useradd
- Testuser with specific sudo permissions, / usr/sbin/iptables don’t need a password, / usr/sbin/useradd, / usr/sbin/userdel need password
testuser ALL=(ALL) NOPASSWD:/usr/sbin/iptables, PASSWD:/usr/sbin/useradd,/usr/sbin/userdel