大家好，我是讯享网，很高兴认识大家。

sudoers文件解释

Sudoers allows particular users to run various commands as

the root user, without needing the root password.

该文件允许特定用户像root用户一样使用各种各样的命令，而不需要root用户的密码

Examples are provided at the bottom of the file for collections

of related commands, which can then be delegated out to particular

users or groups.

在文件的底部提供了很多相关命令的示例以供选择，这些示例都可以被特定用户或

用户组所使用

This file must be edited with the ‘visudo’ command.

该文件必须使用"visudo"命令编辑

Host Aliases

#主机别名

Groups of machines. You may prefer to use hostnames (perhap using

wildcards for entire domains) or IP addresses instead.

对于一组服务器，你可能会更喜欢使用主机名（可能是全域名的通配符）

或IP地址代替，这时可以配置主机别名

Host_Alias     FILESERVERS = fs1, fs2

Host_Alias     MAILSERVERS = smtp, smtp2

User Aliases

#用户别名

These aren’t often necessary, as you can use regular groups

(ie, from files, LDAP, NIS, etc) in this file - just use %groupname

rather than USERALIAS

这并不很常用，因为你可以通过使用组来代替一组用户的别名

User_Alias ADMINS = jsmith, mikem

Command Aliases

These are groups of related commands…

指定一系列相互关联的命令（当然可以是一个）的别名，通过赋予该别名sudo权限，

可以通过sudo调用所有别名包含的命令，下面是一些示例

Networking

#网络操作相关命令别名  
Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient,
 /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, 
 /sbin/mii-tool

Installation and management of software

Services

Updating the locate database

Storage

Delegating permissions

Processes

讯享网

Drivers

#驱动命令别名
Cmnd_Alias DRIVERS = /sbin/modprobe
#环境变量的相关配置

Defaults specification

Disable "ssh hostname sudo ", because it will show the password in clear.

#         You have to run "ssh -t hostname sudo ".

Defaults    requiretty
Defaults    env_reset
Defaults    env_keep = “COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR
                        LS_COLORS MAIL PS1 PS2 QTDIR USERNAME
                        LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION
                        LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC
                        LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS
                        _XKB_CHARSET XAUTHORITY”

Next comes the main part: which users can run what software on

which machines (the sudoers file can be shared between multiple

systems).

下面是规则配置：什么用户在哪台服务器上可以执行哪些命令（sudoers文件可以在多个系统上共享）

Syntax:

语法
      user    MACHINE=COMMANDS
  用户 登录的主机=（可以变换的身份） 可以执行的命令

The COMMANDS section may have other options added to it.

命令部分可以附带一些其它的选项

Allow root to run any commands anywhere

允许root用户执行任意路径下的任意命令

root    ALL=(ALL)       ALL

Allows members of the ‘sys’ group to run networking, software,

service management apps and more.

%sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS

允许sys中户组中的用户使用NETWORKING等所有别名中配置的命令

Allows people in group wheel to run all commands

%wheel        ALL=(ALL)       ALL

允许wheel用户组中的用户执行所有命令

Same thing without a password

允许wheel用户组中的用户在不输入该用户的密码的情况下使用所有命令

%wheel        ALL=(ALL)       NOPASSWD: ALL

Allows members of the users group to mount and unmount the

cdrom as root

允许users用户组中的用户像root用户一样使用mount、unmount、chrom命令

%users  ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom

Allows members of the users group to shutdown this system

%users  localhost=/sbin/shutdown -h now

允许users用户组中的用户像root用户一样使用shutdown命令

实例2：让普通用户fieldyang具有所有超级用户的权限而又不用输入密码
[root@test ~]# visudo
fieldyang ALL=（ALL)NOPASSWD:ALL
[fieldyang@test ~]#sudo su - 
[fieldyang@test ~]#pwd
/root

实例3：针对MySQL数据库的设置，让test组中的test用户具备/etc/init.d/mysqld的权限
mysql
1.
[root@test ~]# groupadd test
[root@test ~]# useradd -g test -m -d /home/test -s /bin/bash test
[root@test ~]# passwd test
2.
[root@test ~]# visudo

test ALL=(ALL) NOPASSWD: /etc/init.d/mysqld

test ALL=(ALL)  /etc/init.d/mysqld
3. start/stop mysql
    3.1) start mysql
        login test
[root@test ~]# su test
[test@test ~]$ sudo /etc/init.d/mysqld start
    3.2) stop mysql
        login test
[root@test ~]# su test
[test@test ~]$ sudo /etc/init.d/mysqld stop

实例4：针对tomcat的设置，让test组中的test用户具备tomcat操作的权限
tomcat
1. 
[root@test ~]# groupadd test
[root@test ~]# useradd -g test -m -d /home/test -s /bin/bash test
[root@test ~]# passwd test
2.
[root@test ~]# visudo
    # test ALL=(ALL)  /usr/local/tomcat/bin/shutdown.sh,/usr/local/tomcat/bin/startup.sh
    test ALL=(ALL) NOPASSWD: /usr/local/tomcat/bin/shutdown.sh,/usr/local/tomcat/bin/startup.sh
3.
[root@test ~]# vim /usr/local/tomcat/bin/catalina.sh
    JDK 
    export JAVA_HOME=/usr/local/jdk
    export JRE_HOME=KaTeX parse error: Expected 'EOF', got '#' at position 90: …t [root@test ~]#̲ su test   [tes… sudo /usr/local/tomcat/bin/startup.sh
[test@test ~]$ ss -ntlup | grep java
[test@test ~]$ curl -I http://localhost:8080
    4.2) stop tomcat
        login test
[root@test ~]# su test 
[test@test ~]$ sudo /usr/local/tomcat/bin/shutdown.sh