translated (#5225)

* Delete:20170213 A beginners guide to understanding sudo on Ubuntu.md

* Translated:20170213 A beginners guide to understanding sudo on Ubuntu.md
ypingcn 2017-03-05 12:11:05 +08:00 committed by Ezio
parent 3c6a53ad65
commit b99badd53b
2 changed files with 262 additions and 228 deletions

@ -1,228 +0,0 @@
translating by ypingcn
A beginner's guide to understanding sudo on Ubuntu
============================================================
### On this page
1. [What is sudo?][4]
2. [Can any user use sudo?][5]
3. [What is a sudo session?][6]
4. [The sudo password][7]
5. [Some important sudo command line options][8]
1. [The -k option][1]
2. [The -s option][2]
3. [The -i option][3]
6. [Conclusion][9]
Ever got a 'Permission denied' error while working on the Linux command line? Chances are that you were trying to perform an operation that requires root permissions. For example, the following screenshot shows the error being thrown when I was trying to copy a binary file to one of the system directories:
[
![permission denied on the shell](https://www.howtoforge.com/images/sudo-beginners-guide/perm-denied-error.png)
][11]
So what's the solution to this problem? Simple, use the **sudo** command.
[
![run command with sudo](https://www.howtoforge.com/images/sudo-beginners-guide/sudo-example.png)
][12]
The user who is running the command will be prompted for their login password. Once the correct password is entered, the operation will be performed successfully.
While sudo is no doubt a must-know command for any and everyone who works on the command line in Linux, there are several other related (and in-depth) details that you should know in order to use the command more responsibly and effectively.  And that's exactly what we'll be discussing here in this article.
But before we move ahead, it's worth mentioning that all the commands and instructions mentioned in this article have been tested on Ubuntu 14.04LTS with Bash shell version 4.3.11.
### What is sudo?
The sudo command, as most of you might already know, is used to execute a command with elevated privileges (usually as root). An example of this we've already discussed in the introduction section above. However, if you want, you can use sudo to execute command as some other (non-root) user.
This is achieved through the -u command line option the tool provides. For example, in the example shown below, I (himanshu) tried renaming a file in some other user's (howtoforge) home directory, but got a 'permission denied' error. And then I tried the same 'mv' command with 'sudo -u howtoforge,' the command was successful:
[
![What is sudo](https://www.howtoforge.com/images/sudo-beginners-guide/sudo-switch-user.png)
][13]
### Can any user use sudo?
No. For a user to be able to use sudo, an entry corresponding to that user should be in the /etc/sudoers file. The following paragraph - taken from Ubuntu's website - should make it more clear:
```
The /etc/sudoers file controls who can run what commands as what users on what machines and can also control special things such as whether you need a password for particular commands. The file is composed of aliases (basically variables) and user specifications (which control who can run what).
```
If you are using Ubuntu, it's easy to make sure that a user can run the sudo command: all you have to do is to make that user account type 'administrator'. This can be done by heading to System Settings... -> User Accounts.
[
![sudo users](https://www.howtoforge.com/images/sudo-beginners-guide/sudo-user-accounts.png)
][14]
Unlocking the window:
[
![unlocking window](https://www.howtoforge.com/images/sudo-beginners-guide/sudo-user-unlock.png)
][15]
Then selecting the user whose account type you want to change, and then changing the type to 'administrator'
[
![choose sudo accounts](https://www.howtoforge.com/images/sudo-beginners-guide/sudo-admin-account.png)
][16]
However, if you aren't on Ubuntu, or your distribution doesn't provide this feature, you can manually edit the /etc/sudoers file to make the change. You'll be required to add the following line in that file:
```
[user]    ALL=(ALL:ALL) ALL
```
Needless to say, [user] should be replaced by the user-name of the account you're granting the sudo privilege. An important thing worth mentioning here is that the officially suggested method of editing this file is through the **visudo** command - all you have to do is to run the following command:
sudo visudo
To give you an idea why exactly is that the case, here's an excerpt from the visudo manual:
```
visudo edits the sudoers file in a safe fashion. visudo locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors. If the sudoers file is currently being edited you will receive a message to try again later.
```
For more information on visudo, head [here][17].
### What is a sudo session?
If you use the sudo command frequently, I am sure you'd have observed that after you successfully enter the password once, you can run multiple sudo commands without being prompted for the password. But after sometime, the sudo command asks for your password again.
This behavior has nothing to do with the number of sudo-powered commands you run, but instead depends on time. Yes, by default, sudo won't ask for password for 15 minutes after the user has entered it once. Post these 15 minutes, you'll be prompted for password again.
However, if you want, you can change this behavior. For this, open the /etc/sudoers file using the following command:
sudo visudo
And then go to the line that reads:
```
Defaults env_reset
```
[
![env_reset](https://www.howtoforge.com/images/sudo-beginners-guide/sudo-session-time-default.png)
][18]
and add the following variable (highlighted in bold below) at the end of the line
```
Defaults env_reset,timestamp_timeout=[new-value]
```
The [new-value] field should be replaced by the number of minutes you want your sudo session to last. For example, I used the value 40.
[
![sudo timeout value](https://www.howtoforge.com/images/sudo-beginners-guide/sudo-session-timeout.png)
][19]
In case you want to get prompted for password every time you use the sudo command, then in that case you can assign the value '0' to this variable. And for those of you who want that their sudo session should never time out, you can assign the value '-1'.
Please note that using timestamp_timeout with value '-1' is strongly discouraged.
### The sudo password
As you might have observed, whenever sudo prompts you for a password and you start entering it, nothing shows up - not even asterisks that's usually the norm. While that's not a big deal in general, some users may want to have the asterisks displayed for whatever reason.
The good thing is that's possible and pretty easy to do. All you have to do is to change the following line in /etc/sudoers file:
```
Defaults        env_reset
```
to
```
Defaults        env_reset,pwfeedback
```
And save the file.
Now, whenever you'll type the sudo password, asterisk will show up.
[
![hide the sudo password](https://www.howtoforge.com/images/sudo-beginners-guide/sudo-password.png)
][20]
### Some important sudo command line options
Aside from the -u command line option (which we've already discussed at the beginning of this tutorial), there are some other important sudo command line options that deserve a mention. In this section, we will discuss some of those.
### The -k option
Consider a case where-in you've just run a sudo-powered command after entering your password. Now, as you already know, the sudo session remains active for 15-mins by default. Suppose during this session, you have to give someone access to your terminal, but you don't want them to be able to use sudo. What will you do?
Thankfully, there exists a command line option -k that allows user to revoke sudo permission. Here's what the sudo man page has to say about this option:
```
-k, --reset-timestamp
When used without a command, invalidates the user's cached credentials. In other words, the next time sudo is run a password will be required. This option does not require a password and was added to allow a user to revoke sudo permissions from a .logout file.
When used in conjunction with a command or an option that may require a password, this option will cause sudo to ignore the user's cached credentials. As a result, sudo will prompt for a password (if one is required by the security policy) and will not update the user's cached credentials.
```
### The -s option
There might be times when you work requires you to run a bucketload of commands that need root privileges, and you don't want to enter the sudo password every now and then. Also, you don't want to tweak the sudo session timeout limit by making changes to the /etc/sudoers file. 
In that case, you may want to use the -s command line option of the sudo command. Here's how the sudo man page explains it:
```
-s, --shell
Run the shell specified by the SHELL environment variable if it is set or the shell specified by the invoking user's password database entry. If a command is specified, it is passed to the shell for execution via the shell's -c option. If no command is specified, an interactive shell is executed.
```
So basically, what this command line option does is:
* Launches a new shell - as for which shell, the SHELL env variable is referred. In case $SHELL is empty, the shell defined in the /etc/passwd file is picked up.
* If you're also passing a command name along with the -s option (for example: sudo -s whoami), then the actual command that gets executed is: sudo /bin/bash -c whoami.
* If you aren't trying to execute any other command (meaning, you're just trying to run sudo -s) then you get an interactive shell with root privileges.
What's worth keeping in mind here is that the -s command line option gives you a shell with root privileges, but you don't get the root environment - it's your .bashrc that gets sourced. This means that, for example, in the new shell that sudo -s runs, executing the whoami command will still return your username, and not 'root'.
### The -i option
The -i option is similar to the -s option we just discussed. However, there are some differences. One of the key differences is that -i gives you the root environment as well, meaning your (user's) .bashrc is ignored. It's like becoming root without explicitly logging as root. What more, you don't have to enter the root user's password as well.
**Important**: Please note that there exists a **su** command which also lets you switch users (by default, it lets you become root). This command requires you to enter the 'root' password. To avoid this, you can also execute it with sudo ('sudo su'); in that case you'll just have to enter your login password. However, 'su' and 'sudo su' have some underlying differences - to understand them as well as know more about how 'sudo -i' compares to them, head [here][10].
### Conclusion
I hope that by now you'd have at least got the basic idea behind sudo, and how you tweak it's default behavior. Do try out the /etc/sudoers tweaks we've explained here, also go through the forum discussion (linked in the last paragraph) to get more insight about the sudo command.
--------------------------------------------------------------------------------
via: https://www.howtoforge.com/tutorial/sudo-beginners-guide/
作者:[Himanshu Arora][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.howtoforge.com/tutorial/sudo-beginners-guide/
[1]:https://www.howtoforge.com/tutorial/sudo-beginners-guide/#the-k-option
[2]:https://www.howtoforge.com/tutorial/sudo-beginners-guide/#the-s-option
[3]:https://www.howtoforge.com/tutorial/sudo-beginners-guide/#the-i-option
[4]:https://www.howtoforge.com/tutorial/sudo-beginners-guide/#what-is-sudo
[5]:https://www.howtoforge.com/tutorial/sudo-beginners-guide/#can-any-user-use-sudo
[6]:https://www.howtoforge.com/tutorial/sudo-beginners-guide/#what-is-a-sudo-session
[7]:https://www.howtoforge.com/tutorial/sudo-beginners-guide/#the-sudo-password
[8]:https://www.howtoforge.com/tutorial/sudo-beginners-guide/#some-important-sudo-command-line-options
[9]:https://www.howtoforge.com/tutorial/sudo-beginners-guide/#conclusion
[10]:http://unix.stackexchange.com/questions/98531/difference-between-sudo-i-and-sudo-su
[11]:https://www.howtoforge.com/images/sudo-beginners-guide/big/perm-denied-error.png
[12]:https://www.howtoforge.com/images/sudo-beginners-guide/big/sudo-example.png
[13]:https://www.howtoforge.com/images/sudo-beginners-guide/big/sudo-switch-user.png
[14]:https://www.howtoforge.com/images/sudo-beginners-guide/big/sudo-user-accounts.png
[15]:https://www.howtoforge.com/images/sudo-beginners-guide/big/sudo-user-unlock.png
[16]:https://www.howtoforge.com/images/sudo-beginners-guide/big/sudo-admin-account.png
[17]:https://www.sudo.ws/man/1.8.17/visudo.man.html
[18]:https://www.howtoforge.com/images/sudo-beginners-guide/big/sudo-session-time-default.png
[19]:https://www.howtoforge.com/images/sudo-beginners-guide/big/sudo-session-timeout.png
[20]:https://www.howtoforge.com/images/sudo-beginners-guide/big/sudo-password.png

@ -0,0 +1,262 @@
一份关于理解 Ubuntu 上 sudo 的初学者指导
============================================================
### 在这页面上
1. [什么是 sudo?][4]
2. [任何用户都能用 sudo 吗?][5]
3. [什么是一个 sudo 会话?][6]
4. [sudo 密码][7]
5. [一些重要的 sudo 命令行参数][8]
1. [ -k 参数][1]
2. [-s 参数][2]
3. [-i 参数][3]
6. [总结][9]
曾经在你使用 Linux 命令行时提示“拒绝访问”的错误?这可能是你正在尝试做一个需要根权限的命令。例如,下面的截图展示了当我正在尝试复制一个二进制文件到一个系统目录时显示的错误。
[
![shell 的拒绝访问](https://www.howtoforge.com/images/sudo-beginners-guide/perm-denied-error.png)
][11]
所以该怎么解决这个错误?很简单,使用 ** sudo ** 命令。
[
![用 sudo 运行命令](https://www.howtoforge.com/images/sudo-beginners-guide/sudo-example.png)
][12]
正在运行命令的用户被提示需要他们的登录密码。一旦输入了正确的密码,操作将会成功执行。
毫无疑问sudo 是任何在 Linux 上使用命令行的人所必须知道的命令。但是,为了更负责有效地使用命令,你还是得知道一些相关(深入)的细节。这正是我们将会在这篇文章中讨论的。
但是在我们继续之前,值得提一下的是,这篇文章所提到的所有命令指示都已经在 Ubuntu 14.04LTS 下的 4.3.11版 Bash 通过测试。
### 什么是 sudo
正如你们大部分人所知道的sudo 是用来执行需要提升权限(通常是作为 root 用户)的命令。在这篇文章之前的简介部分已经讨论过这样的一个例子。然而,如果你想的话,你能用 sudo 运行一些其他(非 root )用户的命令。
这点是由工具提供的 -u 命令行选项所实现的。举个例子如下面的例子所展示的那样himanshu尝试留一个文件在其他用户howtoforge的家目录中但是得到一个“访问拒绝”的错误。然后我尝试加上“sudo -u howtoforge”后用同样的“mv”命令命令成功执行了
[
![什么是 sudo](https://www.howtoforge.com/images/sudo-beginners-guide/sudo-switch-user.png)
][13]
### 任何人都能用 sudo 吗?
不,为了让一个用户能使用 sudo ,跟用户相关的信息应该在 /etc/sudoers 里。下述摘自 Ubuntu 网页的段落能讲得更清楚:
```
/etc/sudoers 文件控制了谁能以何种用户的身份在何种机器上运行何种命令,同样控制了特殊的事件例如对于特定的命令你是否需要输入密码。这个文件由 aliases (基本变量)和用户识别符(控制谁能运行什么命令)组成。
```
如果你正在使用 Ubuntu很容易去确认一个用户能运行 sudo 命令:你所需要做的就是把账户改成管理员。这能直接到 系统设置->用户账户里完成。
[
![sudo 用户](https://www.howtoforge.com/images/sudo-beginners-guide/sudo-user-accounts.png)
][14]
解锁窗口
[
![unlocking window](https://www.howtoforge.com/images/sudo-beginners-guide/sudo-user-unlock.png)
][15]
然后选择你想改变用户类型的用户,然后将类型改成“管理员”
[
![choose sudo accounts](https://www.howtoforge.com/images/sudo-beginners-guide/sudo-admin-account.png)
][16]
然而,如果你不使用 Ubuntu或者你的发行版没有提供这个特性你能手动编辑 /etc/sudoers 文件来实现改变。你要在文件添加这样的一行:
```
[user] ALL=(ALL:ALL) ALL
```
无需赘言,[user] 应该被你想提升 sudo 权限的用户的用户名所代替。在这里值得提到的一件重要的事情是,官方建议的编辑该文件的方式是通过 **visudo** 命令——你需要做的就是运行下述命令:
sudo visudo
为了说清究竟是怎么一回事,这里有段从 visudo 手册里的摘要:
```
visudo 以安全的模式编辑 sudoers 文件。visudo 锁定 sudoers 文件以防重复同时的编辑提供基本的检查sanity checks和语法错误检查。如果 sudoers 文件现在正在被编辑,你将会收到一个信息提示稍后再试。
```
关于 visudo 的更多信息,前往[这里][17]
### 什么是 sudo 会话
如果你经常使用 sudo 命令,我很确定你注意过当你成功输入一次密码后,你能不用密码提升权限地运行几次 sudo 命令。但是一段时间后sudo 命令又再次要求你的密码。
这种现象跟运行 sudo 命令数目无关跟时间有关。是的sudo 默认在输入一次密码后 15 分钟内不会再次要求密码。15 分钟后,你会再次被要求输入密码提升权限。
然而,如果你想的话,你能改变这种现象。用以下命令打开 /etc/sudoers 文件
sudo visudo
接下来的一行显示:
```
Defaults env_reset
```
[
![env_reset](https://www.howtoforge.com/images/sudo-beginners-guide/sudo-session-time-default.png)
][18]
然后在这行最后添加以下变量(下面用黑体字强调):
```
Defaults env_reset,timestamp_timeout=[new-value]
```
[new-value] 应该用你想要 sudo 会话持续时间数替换。例如,我用数值 40。
[
![sudo timeout value](https://www.howtoforge.com/images/sudo-beginners-guide/sudo-session-timeout.png)
][19]
万一你想每次使用 sudo 命令时都要求输入密码提升权限,这样你能把这个变量赋值为 0 。想要 sudo 会话永远不过时,你得赋值为 -1。
注意数值为 -1 的 timestamp_timeout 是强烈不推荐的。
### sudo 密码
正如你可能观察过的,当 sudo 要求输入密码然后你开始输入时,不会显示任何东西——甚至连标准的星号都没有。通常这不是什么大问题,一些用户无论什么原因想要显示星号、
好消息是那有可能也很容易做到。所有你需要做的就是在 /etc/sudoers 文件里将下述的行:
```
Defaults env_reset
```
改成
```
Defaults env_reset,pwfeedback
```
然后保存文件
现在,无论什么时候输入 sudo 密码,星号都会显示。
[
![hide the sudo password](https://www.howtoforge.com/images/sudo-beginners-guide/sudo-password.png)
][20]
## 一些重要的 sudo 命令行参数
除了 -u命令行参数我们已经在这篇教程的开始部分讨论过了还有其他重要的 sudo 命令行参数值得注意。在这部分,我们将会讨论其中一些。
### -k 参数
### The -k option
考虑下一种情况:当你刚输入密码后运行了几个 sudo 驱动的命令时。现在正如你已经知道的sudo 会话默认保持 15 分钟。假设在这会话期间,你得给你终端一些权限,但你不想让他们使用 sudo ,你将会怎么做?
还好,有 -k 命令行参数允许用户取消 sudo 权限。这是 sudo 帮助页面man page关于这一点所讲的
```
-k, --reset-timestamp
不带任何命令使用时,撤销用户缓存的凭据。换句话讲,下一次使用 sudo 将会要求输入密码。这个参数不需要密码,允许用户从一个 .logout 文件撤销 sudo 权限。
当与一个命令,或者一个可能需要密码的操作一起用时,这个参数将会导致 sudo 忽略用户缓存的凭据。结果是 sudo 要求输入密码(如果这是被安全策略所要求的),而且不会更新用户缓存的凭据。
```
### -s 参数
或许有几次当你的工作要求你运行一堆需要 root 权限的命令时,你不想每次都输入密码。你也不想通过改变 /etc/sudoers 文件调整 sudo 会话的过期时限。
这种情况下,你可以用 sudo 的 -s 参数。这是 sudo 帮助页面man page所解释的
```
-s, --shell
如果 SHELL 环境变量设置了或者 shell 调用了用户的密码数据库,就能用它运行 shell 。如果指定了命令,命令将会通过 shell 的 -c 参数传递给 shell 执行。如果没有指定命令,一个交互式 shell 将会执行。
```
所以,基本地,这命令参数做的是:
* 启动一个新的 shell ,对于哪一个 shell 来说SHELL 赋值变量都有引用。万一 $SHELL 是空的,将会用 /etc/passwd 定义的内容。
* 如果你用 -s 参数传递了一个命令名(例如 sudo -s whoami,实际执行的是 sudo /bin/bash -c whoami。
* 如果你尝试执行其他命令(意思是 你只是正在尝试运行 sudo -s你将会得到一个有有 root 权限的交互式的 shell。
这里值得记住的是 -s 命令行参数给你一个有 root 权限的 shell但是你没有 root 环境——你的 .bashrc 决定的。这意思是,例如在一个用 sudo -s 运行的新 shell 里,执行 whoami 命令仍会返回你的用户名,而非 root 。
### -i 参数
-i 参数跟我们讨论过的 -s 参数相像。然而,还是有点区别。一个重要的区别是 -i 也给了你 root 环境,意味着你的(用户的).bashrc 被忽略。这就像没有明确指明用 root 登录也能称为成为 root 。此外,你也不用输入 root 用户密码。
** 重要 **:请注意有也能让你切换用户的 **su** 命令(默认的是切换到 root 这个命令需要你输入 root 密码。为了避免这一点,你也要用 sudo 执行(‘ sudo su这样你只需要输入你的登录密码。然而su 和 sudo su 有隐含的区别 ——了解他们和跟相应的 sudo -i 区别,来[这里][10]
**Important**: Please note that there exists a **su** command which also
### 总结
我希望现在你至少知道了 sudo 的基本知识,和如何调整 sudo 的默认行为。请按我们解释过的那样全部尝试调整 /etc/sudoers 。同时也浏览一下论坛讨论(在最后一段中有链接)来更深入了解 sudo 命令。
--------------------------------------------------------------------------------
via: https://www.howtoforge.com/tutorial/sudo-beginners-guide/
作者:[Himanshu Arora][a]
译者:[ypingcn](https://ypingcn.github.io/wiki/lctt)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.howtoforge.com/tutorial/sudo-beginners-guide/
[1]: https://www.howtoforge.com/tutorial/sudo-beginners-guide/#the-k-option
[2]: https://www.howtoforge.com/tutorial/sudo-beginners-guide/#the-s-option
[3]: https://www.howtoforge.com/tutorial/sudo-beginners-guide/#the-i-option
[4]: https://www.howtoforge.com/tutorial/sudo-beginners-guide/#what-is-sudo
[5]: https://www.howtoforge.com/tutorial/sudo-beginners-guide/#can-any-user-use-sudo
[6]: https://www.howtoforge.com/tutorial/sudo-beginners-guide/#what-is-a-sudo-session
[7]: https://www.howtoforge.com/tutorial/sudo-beginners-guide/#the-sudo-password
[8]: https://www.howtoforge.com/tutorial/sudo-beginners-guide/#some-important-sudo-command-line-options
[9]: https://www.howtoforge.com/tutorial/sudo-beginners-guide/#conclusion
[10]: http://unix.stackexchange.com/questions/98531/difference-between-sudo-i-and-sudo-su
[11]: https://www.howtoforge.com/images/sudo-beginners-guide/big/perm-denied-error.png
[12]: https://www.howtoforge.com/images/sudo-beginners-guide/big/sudo-example.png
[13]: https://www.howtoforge.com/images/sudo-beginners-guide/big/sudo-switch-user.png
[14]: https://www.howtoforge.com/images/sudo-beginners-guide/big/sudo-user-accounts.png
[15]: https://www.howtoforge.com/images/sudo-beginners-guide/big/sudo-user-unlock.png
[16]: https://www.howtoforge.com/images/sudo-beginners-guide/big/sudo-admin-account.png
[17]: https://www.sudo.ws/man/1.8.17/visudo.man.html
[18]: https://www.howtoforge.com/images/sudo-beginners-guide/big/sudo-session-time-default.png
[19]: https://www.howtoforge.com/images/sudo-beginners-guide/big/sudo-session-timeout.png
[20]: https://www.howtoforge.com/images/sudo-beginners-guide/big/sudo-password.png
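Review bot: Two untranslated leftovers from the source are still in the added file and should be deleted: the heading `### The -k option` directly under `### -k 参数`, and the truncated line `**Important**: Please note that there exists a **su** command which also` right after the translated 重要 paragraph. Several translated lines also change the meaning of the security-relevant parts. In the -k section, the source's "you have to give someone access to your terminal" is rendered as 你得给你终端一些权限, which loses the reason for revoking cached credentials. In the -s section, the third bullet begins 如果你尝试执行其他命令, while the source says "If you aren't trying to execute any other command", so the condition is inverted (the same bullet has a doubled 有有). The man page excerpt for -s reads as if the shell "calls the user's password database" rather than falling back to the shell in the invoking user's password database entry. In the -u paragraph, "renaming a file" became 尝试留一个文件 and the sentence lost its punctuation. Formatting: `## 一些重要的 sudo 命令行参数` uses `##` where every other heading in the file, and the source, uses `###`; `** sudo **` and `** 重要 **` have spaces inside the bold markers and will not render as bold; the 重要 paragraph has two unclosed full-width parentheses; and the first paragraph under `### sudo 密码` ends with 、 instead of 。.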