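This is an FAQ post. Being as weak at Linux as I am, writing a tutorial doesn't seem like a good idea, so this is just an FAQ post.
As for adding a sudoer… every OS does it a little differently; CentOS and Ubuntu are the ones I know better.
Ubuntu is the simpler one; just run: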
sudo adduser yourname admin
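On CentOS… this is the question I've been asked several times (maybe because the information can't be found in Chinese on Google?):
On CentOS you can find the sudoers file under /etc/. That's right, this is the file you edit to add or remove sudoers. Normally we edit a file directly with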
sudo vi filename
or
sudo vim filename
→ ZZ → done
But because this file is critically important to the OS, it has to be handled with a special command:
sudo visudo -f /etc/sudoers
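What it does is first make a copy of sudoers and lock out everyone else (read-only). If someone else tries to edit the file at the same time, it tells them “try it later” (a bit like the lock in the old version control system CVS). Then, once you have finished editing the copy and save it, it overwrites the original file.
Here is the original description from the man page: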
visudo edits the sudoers file in a safe fashion, analogous to vipw(8). visudo locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors. If the sudoers file is currently being edited you will receive a message to try again later.
There is a hard-coded list of editors that visudo will use set at compile-time that may be overridden via the editor sudoers Default variable. This list defaults to the path to vi(1) on your system, as determined by the configure script. Normally, visudo does not honor the VISUAL or EDITOR environment variables unless they contain an editor in the aforementioned editors list. However, if visudo is configured with the --with-enveditor flag or the env_editor Default variable is set in sudoers, visudo will use any the editor defines by VISUAL or EDITOR. Note that this can be a security hole since it allows the user to execute any program they wish simply by setting VISUAL or EDITOR.
visudo parses the sudoers file after the edit and will not save the changes if there is a syntax error. Upon finding an error, visudo will print a message stating the line number(s) where the error occurred and the user will receive the “What now?” prompt. At this point the user may enter “e” to re-edit the sudoers file, “x” to exit without saving the changes, or “Q” to quit and save changes. The “Q” option should be used with extreme care because if visudo believes there to be a parse error, so will sudo and no one will be able to sudo again until the error is fixed. If “e” is typed to edit the sudoers file after a parse error has been detected, the cursor will be placed on the line where the error occurred (if the editor supports this feature).
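So, just below ## Allow root to run any commands anywhere (it doesn't have to be there; anywhere works, but some people may prefer to know exactly where they are adding it), add a line of the following form: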
Syntax:
user MACHINE=COMMANDS
For full privileges not restricted to any machine, for example, write
yourname ALL=(ALL) ALL
and that's it. If you want to learn more about visudo, you can look here.
Hmm… writing something this simple makes even me want to laugh XD
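As an added example (not from the original post), the script below reads sudoers lines in the user MACHINE=COMMANDS form shown above and lists every entry that grants all commands, which is a quick way to review who holds full sudo rights after an edit. The sample input and the function names sample_sudoers and full_grants are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: list sudoers entries that
# grant every command. Line continuations and aliases are not expanded.

# Constructed sample in the "user MACHINE=COMMANDS" syntax (hypothetical names).
sample_sudoers() {
cat <<'EOF'
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
Defaults    requiretty
yourname ALL=(ALL) ALL
backup  ALL=(root) /usr/bin/rsync
%wheel  ALL=(ALL)       NOPASSWD: ALL
deploy  web01=(ALL) /sbin/service httpd restart, /usr/bin/tail
EOF
}

# Reads sudoers text on stdin; prints "who host runas" for each full grant.
full_grants() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }             # comments and blank lines
    $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }   # settings, alias definitions
    {
      who = $1
      rest = $0
      sub(/^[ \t]*[^ \t]+[ \t]+/, "", rest)       # drop the user field
      eq = index(rest, "=")
      if (eq == 0) next
      host = substr(rest, 1, eq - 1)
      gsub(/[ \t]/, "", host)
      cmds = substr(rest, eq + 1)
      runas = "(root)"                            # sudo default when omitted
      if (match(cmds, /^[ \t]*\([^)]*\)/)) {
        runas = substr(cmds, RSTART, RLENGTH)
        gsub(/[ \t]/, "", runas)
        cmds = substr(cmds, RSTART + RLENGTH)
      }
      gsub(/[A-Z]+:/, "", cmds)                   # strip tags such as NOPASSWD:
      n = split(cmds, c, ",")
      for (i = 1; i <= n; i++) {
        gsub(/^[ \t]+|[ \t]+$/, "", c[i])
        if (c[i] == "ALL") { print who, host, runas; break }
      }
    }'
}

sample_sudoers | full_grants
```

On a real host, pipe the file in instead of the sample: sudo cat /etc/sudoers | full_grants.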