默认情况下，我的OpenSUSE Linux服务器上未安装sudo。
其他用户和如何使用su-命令以root用户身份运行命令。
如何在OpenSUSE Linux上安装sudo软件包？
一个人不应该登录并使用root帐户在服务器或者台式机上执行日常任务。
使用sudo管理Linux系统更安全，更容易访问。
更不用说sudo将所有命令和其他信息记录到/var/log /目录。
在本教程中我们学习了默认情况下未安装时如何在OpenSUSE Linux上安装sudo。

如何在OpenSUSE Linux上安装sudo命令

步骤如下：

• 打开终端窗口。对于使用ssh命令登录的远程服务器，使用zypper search sudo搜索sudo软件包。
• 在OpenSUSE Linux中安装sudo，运行：sudo中的zypper
• 配置sudo并对其进行测试
• 禁用通过ssh的直接root访问，并使用sudo执行管理任务

让我们详细查看所有命令和示例。

步骤1使用zypper搜索软件包

输入以下zypper命令：

# zypper search sudo

输出示例：

Loading repository data...
Reading installed packages...
 
S | Name                     | Summary                             | Type      
--+--------------------------+-------------------------------------+----------
  | gnome-sudoku             | Sudoku Game for GNOME               | package   
  | gnome-sudoku-lang        | Translations for package gnome-su-> | package   
  | ksudoku                  | Program to generate and solve Sud-> | package   
  | ksudoku-lang             | Translations for package ksudoku    | package   
  | lxqt-sudo                | GUI frontend for sudo               | package   
  | lxqt-sudo-lang           | Languages for package lxqt-sudo     | package   
  | openstack-suse-sudo      | OpenStack SUSE - Sudo Support       | package   
  | sudo                     | Execute some commands as root       | package   
  | sudo                     | Execute some commands as root       | srcpackage
  | sudo-devel               | Header files needed for sudo plug-> | package   
  | sudo-test                | Tests for the package               | package   
  | sudoku-sensei            | Enjoy playing with Sudoku boards -> | package   
  | texlive-sudoku           | Create sudoku grids                 | package   
  | texlive-sudoku-doc       | Documentation for texlive-sudoku    | package   
  | texlive-sudokubundle     | A set of sudoku-related packages    | package   
  | texlive-sudokubundle-doc | Documentation for texlive-sudokub-> | package   
  | yast2-sudo               | YaST2 - sudo configuration          | package

获取有关sudo包的信息

运行以下zypper：

# zypper info sudo

输出示例：

Loading repository data...
Reading installed packages...
 
 
Information for package sudo:
----------------------------
Repository     : openSUSE-Leap-15.1-Update    
Name           : sudo                         
Version        : 1.8.22-lp151.5.3.1           
Arch           : x86_64                       
Vendor         : openSUSE                     
Installed Size : 2.7 MiB                      
Installed      : No                           
Status         : not installed                
Source package : sudo-1.8.22-lp151.5.3.1.src  
Summary        : Execute some commands as root
Description    :                              
    Sudo is a command that allows users to execute some commands as root.
    The /etc/sudoers file (edited with 'visudo') specifies which users have
    access to sudo and which commands they can run. Sudo logs all its
    activities to syslogd, so the system administrator can keep an eye on
    things. Sudo asks for the password for initializing a check period of a
    given time N (where N is defined at installation and is set to 5
    minutes by default).

第2步OpenSUSE使用zypper安装sudo

现在您知道如何搜索和查找sudo软件包，是时候安装相同的软件包了：

# zypper in sudo

安装sudo以使用sudo管理系统

步骤3在OpenSUSE上配置sudo

接下来，我们需要为用户帐户启用sudo访问，运行：

# visudo

确保存在以下行：

#includedir /etc/sudoers.d

接下来查找并注释掉以下两行，以便只有wheel组中的用户可以运行sudo命令：

#Defaults targetpw # ask for the password of the target user i.e. root
#ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!

保存并关闭文件。

配置sudo wheel组

创建一个新的配置文件，如下所示：

# visudo -f /etc/sudoers.d/wheel-users

追加以下配置：

# Allow members of group wheel to execute any command
%wheel ALL=(ALL) ALL

保存并关闭文件，方法是按ESC键，然后按：x键。

如何设置和用户组访问

首先，使用groupadd命令添加一个名为wheel的新组：

# groupadd wheel

在grep命令和/etc/group文件的帮助下进行验证：

# grep ^wheel /etc/group

接下来，我将添加现有的名为Hyman的用户到轮组，如下所示：

# usermod -aG wheel {username}
# usermod -aG wheel Hyman

使用id命令验证：

id Hyman

如何以root权限运行应用程序或者命令

wheel组的所有成员都可以使用以下语法运行sudo命令

sudo command
sudo command arg1 arg2
sudo ls -l /etc/shadow
sudo systemctl restart nginx.service

要获得root shell：

sudo -i

在我的OpenSUSE Linux服务器上执行sudo

禁用基于ssh的根访问(可选)

首先，使用ssh-copy-id命令在远程/定位OpenSUSE Linux服务器中为Hyman用户安装ssh密钥：

ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]

或者

ssh-copy-id -i ~/.ssh/id_ed25519.pub [email protected]

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/Hyman/.ssh/id_ed25519.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

确认您可以登录并使用sudo：

ssh [email protected]
sudo -i

最后，在您的OpenSUSE Linux上，编辑/etc/ssh/sshd_config，运行：

# vi /etc/ssh/sshd_config

如下更新：

## disable all password login including root user login ##
ChallengeResponseAuthentication no
PasswordAuthentication no
PermitRootLogin no
UsePAM no

重新启动或者重新加载OpenSSHD服务：

# systemctl restart sshd.service