linux中sudo命令

Sudo is one of the most widely used commands by Linux administrators and beginners alike. In this guide, we will look at sudo command and its usages.

Sudo是Linux管理员和初学者最广泛使用的命令之一。 在本指南中，我们将介绍sudo命令及其用法。

During the installation of most Linux Systems, one is usually required to create a root user, also known as a superuser and a regular user as well. The root user has all the privileges and permissions to perform any task in the system. As a root user, you can perform sensitive tasks such as installing/uninstalling packages, updating/upgrading system repositories, making modifications to system configurations and creating new users to mention just but a few.

在大多数Linux系统的安装过程中，通常需要创建一个root用户（也称为超级用户和普通用户）。 超级用户具有执行系统中任何任务的所有特权和权限。 作为root用户，您可以执行敏感任务，例如安装/卸载软件包，更新/升级系统存储库，修改系统配置以及创建新用户（仅举几例）。

As the saying goes, with great power comes great responsibility. Making some changes as the root user can be detrimental to your system and can cause irreparable damage and ultimate crashing of your system. For example, deleting boot configuration files will render your system unable to boot. For this reason, it’s recommended that by default, users should operate the system as a regular or non-root user.

俗话说，能力越大，责任就越大。 以root用户身份进行一些更改可能对您的系统有害，并且可能导致无法弥补的损害并最终导致系统崩溃。 例如，删除启动配置文件将使您的系统无法启动。 因此，建议默认情况下，用户应以普通用户或非root用户身份操作系统。

---

---

So what happens when you need root privileges as a regular user to execute administrative tasks? In that case, the regular user needs to be granted sudo privileges. The regular user then needs to prefix the command with ‘sudo’ to execute them as a root user.

那么，当您需要普通用户的root特权来执行管理任务时会发生什么呢？ 在这种情况下，需要向普通用户授予sudo特权。 然后，普通用户需要在命令前加上“ sudo”前缀，以root用户身份执行它们。

在Ubuntu / Debian中创建新的sudo用户 (Creating a new sudo user in Ubuntu/Debian)

To add the user to the sudo group execute the following command as the root user.

要将用户添加到sudo组，请以root用户身份执行以下命令。

usermod -aG  sudo username

For example, let’s assume we have a regular user named “james” in our systems, the command will be:

例如，假设我们的系统中有一个名为“ james”的普通用户，该命令将为：

usermod -aG sudo james

Output

输出量

在RHEL / CentOS / Fedora中创建新的sudo用户 (Creating a new sudo user in RHEL/CentOS/Fedora)

To add a regular user to the sudoers group in RHEL/CentOS and Fedora, we have to modify the /etc/sudoers file. To achieve this run visudo command.

要将常规用户添加到RHEL / CentOS和Fedora中的sudoers组，我们必须修改/etc/sudoers文件。 要实现此运行visudo命令。

visudo

Output

输出量

Append the line below and replace the username attribute with your real username.

追加以下行，并用您的真实用户名替换username属性。

username ALL = (ALL) ALL

Output

输出量

Save by pressing ESC and typing : wq and finally press ‘ENTER’.

通过按ESC并输入: wq保存，最后按“ ENTER”。

Sudo命令示例 (Sudo Command Examples)

Let’s now delve in and have a look at example usages of the sudo command.

现在让我们深入研究一下sudo命令的示例用法。

以普通用户身份运行具有管理特权的命令 (To run commands with administrative privileges as a regular user)

If you are running as a normal non-root user, prefix the command with sudo as shown.

如果您以普通的非root用户身份运行，请为命令添加sudo前缀，如图所示。

sudo command_to_execute

For example, to update the system in Ubuntu & Debian as a regular user run

例如，以常规用户身份在Ubuntu＆Debian中更新系统

sudo apt update

You will be prompted for the password. Provide your password and hit ‘ENTER’. Note that you need to provide your password and not root password, even though you are running the command as a root user.

系统将提示您输入密码。 提供您的密码并点击“ ENTER”。 请注意，即使您以root用户身份运行命令，也需要提供密码而不是root密码。

Output

输出量

For Fedora Systems execute:

对于Fedora系统，执行：

sudo dnf update

Output

输出量

For RHEL/CentOS execute:

对于RHEL / CentOS，执行：

sudo yum update

清除sudo缓存 (Clearing sudo cache)

When a user tries to execute any command with sudo after the first time, they will not be prompted for a password in subsequent operations. This is because the sudo command is cached for only a few minutes before expiring.

当用户第一次尝试使用sudo执行任何命令时，在后续操作中将不会提示他们输入密码。 这是因为sudo命令在过期前仅缓存了几分钟。

To clear this cache run:

要清除此缓存运行：

sudo -k

If you try to execute any operation after running the above command, you will be prompted for a password.

如果您在运行上述命令后尝试执行任何操作，将提示您输入密码。

Output

输出量

查看允许的命令 (View commands allowed )

If you are a little curious and wish to know the commands you can execute, simply run

如果您有点好奇并希望知道可以执行的命令，只需运行

sudo -l

Output

输出量

在Ubuntu系统中切换到root用户 (Switching to root user in Ubuntu Systems)

By default, Ubuntu Systems do not ship in with a root user. To execute administrative tasks, you must first switch to root first and proceed with the execution of commands.

默认情况下，Ubuntu Systems不附带root用户。 要执行管理任务，必须首先首先切换到root并继续执行命令。

To change to root user in Ubuntu systems execute:

要在Ubuntu系统中更改为root用户，请执行：

sudo su

使用sudo以其他用户身份运行命令 (Run commands as another user with sudo)

Sudo command can also allow you to run commands as another user. The syntax for achieving this is

Sudo命令还可以允许您以其他用户身份运行命令。 实现此目的的语法是

sudo -u username command_to_be_run

For example;

例如;

sudo -u james whoami

Output

输出量

For more usages of the sudo command simply run the command below to access its help page.

有关sudo命令的更多用法，只需运行以下命令以访问其帮助页面。

man sudo

我们可以使用sudo命令更改root密码吗？ (Can we change root password using sudo command?)

As a matter of fact, Yes we can change the root password by running following command. We can change any user password by running passwd with sudo privilege.

实际上，是的，我们可以通过运行以下命令来更改root密码。 我们可以通过使用sudo特权运行passwd来更改任何用户密码。

$ sudo passwd root

It will ask for the new password for the root user. Just provide the new password and root password will be changed.

它将要求root用户输入新密码。 只要提供新密码，root密码就会更改。

Sudo重定向输出 (Sudo Redirect Output)

Sometimes we have to redirect the output to a location where we don’t have direct access. We can’t use sudo command as is to perform this because our shell does the redirection and it doesn’t have access to that directory.

有时，我们必须将输出重定向到没有直接访问权限的位置。 我们不能按原样使用sudo命令来执行此操作，因为我们的shell会执行重定向，并且它无权访问该目录。

$ sudo ls /root > /root/ls.out
-bash: /root/ls.out: Permission denied
$

There are a few alternative ways to perform this. First one is to start a new shell with sudo and pass the command to it using -c option. This new shell will have sudo access to write to the specified location.

有几种替代方法可以执行此操作。 第一个是使用sudo启动新的shell，然后使用-c选项将命令传递给它。 这个新的shell将具有sudo访问权限以写入指定位置。

$ sudo sh -c 'ls /root > /root/ls.out'

There are some other alternatives too. You can create a shell script with the command and then execute it with sudo.

也有其他选择。 您可以使用该命令创建Shell脚本，然后使用sudo执行它。

$ cat ls1.sh
#!/bin/sh
ls /root > /root/ls1.out
$ sudo ls1.sh

We can also launch a shell with sudo -s command and then run these redirection commands.

我们还可以使用sudo -s命令启动shell，然后运行这些重定向命令。

如何找到sudoers用户列表？ (How to find the sudoers users list?)

The list of users having “sudo” privilege is present in “/etc/group” file.

具有“ sudo”特权的用户列表位于“ / etc / group”文件中。

$ cat /etc/group | grep -P '^sudo'
sudo:x:27:pankaj
$

The last part of the output contains the users’ list having sudo access. You can modify the command further to print only the list of users.

输出的最后一部分包含具有sudo访问权限的用户列表。 您可以进一步修改命令以仅打印用户列表。

$ cat /etc/group | grep -P '^sudo' | cut -d: -f4
pankaj
$

sudo和su命令之间的区别 (Differences between sudo and su command)

There exists some misconception about the usage of sudo and su commands. While some think they can be used interchangeably, a few subtle differences exist between the two.

关于sudo和su命令的使用存在一些误解。 尽管有些人认为它们可以互换使用，但是两者之间存在一些细微的差异。

sudo command allows a regular user to execute or perform system-level commands that are a special reserve for the root user. sudo is prefixed before command and prompts the regular user’s password before the command can be executed. Also, for the command to be executed, the user needs to be added to the sudoers group.

sudo命令允许普通用户执行或执行系统级命令，这些命令是root用户的特殊保留。 sudo在命令之前添加前缀，并在执行命令之前提示普通用户的密码。 另外，要执行命令，需要将用户添加到sudoers组。

On the other hand, su command, enables switching entirely from a regular user to a root user. In this case, you need to provide the root password to enter into the root prompt.

另一方面， su命令可让您完全从常规用户切换为root用户。 在这种情况下，您需要提供root密码才能输入root提示符。

In unique cases like in Ubuntu distros, a root user is created without a password. This is meant to discourage anyone from logging in as root. Thus, a password needs to be created for the root user. However, the two commands are used together when a regular user needs to get into root prompt and perform administration tasks as shown.

在像Ubuntu发行版这样的独特情况下，将创建一个没有密码的root用户。 这是为了阻止任何人以root用户身份登录。 因此，需要为root用户创建密码。 但是，当普通用户需要进入root提示符并执行如图所示的管理任务时，这两个命令会一起使用。

pankaj@ubuntu:~$ su -
Password:
root@ubuntu:~# exit
pankaj@ubuntu:~$

We have to provide the root password above, not the user password. We can also switch to any other user.

我们必须提供上面的root密码，而不是用户密码。 我们还可以切换到任何其他用户。

pankaj@ubuntu:~$ su - james
Password:
james@ubuntu:~# exit
pankaj@ubuntu:~$

pankaj@ubuntu:~$ sudo su
[sudo] password for pankaj:
root@ubuntu:/home/pankaj#

The above command prompts the user for their password and drops into the root prompt.

上面的命令提示用户输入密码，并进入根提示。

结论 (Conclusion)

When a user has sudo privilege, he can run any command. So, make sure you are providing sudo access to only those users who actually need it, such as system administrators.

当用户具有sudo特权时，他可以运行任何命令。 因此，请确保仅向真正需要它的用户（例如系统管理员）提供sudo访问。

翻译自: https://www.journaldev.com/25058/sudo-command-in-linux

linux中sudo命令