ubuntu的sudo
目录
关于sudo
刚安装好的ubuntu默认是可以通过sudo su进入到root,sudo su之后输入的密码就是当前普通用户的密码,并不是root的密码;
centos默认不允许用户通过sudo切换用户,切换时会报这样的错误:
[zhanghe@localhost ~]$ sudo root
[sudo] zhanghe 的密码:
zhanghe 不在 sudoers 文件中。此事将被报告。
#centos的sudo配置文件
[root@localhost ~]# cat /etc/sudoers | grep -v "^#" | grep -v "^$"
Defaults !visiblepw
Defaults always_set_home
Defaults match_group_by_gid
Defaults always_query_group_plugin
Defaults env_reset
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
# ubuntu的sudo配置文件
root@wptest:/home/bresee# cat /etc/sudoers | grep -v "^$" | grep -v "^#"
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
root ALL=(ALL:ALL) ALL
%admin ALL=(ALL) ALL
%sudo ALL=(ALL:ALL) ALL
默认情况下,admin和sudo这两个组的成员可使用sudo
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
查看下当前用户(test)所属的组,其中有sudo,因此具有运行sudo的权限。
$ groups
test adm cdrom sudo dip plugdev lpadmin sambashare vboxusers kvm libvirtd
然后将test从sudo组中删除,
$ sudo gpasswd -d test sudo
重启,再查看test所属组,已经没有sudo了。
$ groups
test adm cdrom dip plugdev lpadmin sambashare vboxusers kvm libvirtd
