OpenSUSE安装sudo以root身份执行命令
默认情况下,我的OpenSUSE Linux服务器上未安装sudo。
其他用户和如何使用su-命令以root用户身份运行命令。
如何在OpenSUSE Linux上安装sudo软件包?
一个人不应该登录并使用root帐户在服务器或者台式机上执行日常任务。
使用sudo管理Linux系统更安全,更容易访问。
更不用说sudo将所有命令和其他信息记录到/var/log /目录。
在本教程中我们学习了默认情况下未安装时如何在OpenSUSE Linux上安装sudo。
如何在OpenSUSE Linux上安装sudo命令
步骤如下:
- 打开终端窗口。对于使用ssh命令登录的远程服务器,使用
zypper search sudo
搜索sudo软件包。 - 在OpenSUSE Linux中安装sudo,运行:
sudo中的zypper
- 配置sudo并对其进行测试
- 禁用通过ssh的直接root访问,并使用sudo执行管理任务
让我们详细查看所有命令和示例。
步骤1使用zypper搜索软件包
输入以下zypper命令:
# zypper search sudo
输出示例:
Loading repository data... Reading installed packages... S | Name | Summary | Type --+--------------------------+-------------------------------------+---------- | gnome-sudoku | Sudoku Game for GNOME | package | gnome-sudoku-lang | Translations for package gnome-su-> | package | ksudoku | Program to generate and solve Sud-> | package | ksudoku-lang | Translations for package ksudoku | package | lxqt-sudo | GUI frontend for sudo | package | lxqt-sudo-lang | Languages for package lxqt-sudo | package | openstack-suse-sudo | OpenStack SUSE - Sudo Support | package | sudo | Execute some commands as root | package | sudo | Execute some commands as root | srcpackage | sudo-devel | Header files needed for sudo plug-> | package | sudo-test | Tests for the package | package | sudoku-sensei | Enjoy playing with Sudoku boards -> | package | texlive-sudoku | Create sudoku grids | package | texlive-sudoku-doc | Documentation for texlive-sudoku | package | texlive-sudokubundle | A set of sudoku-related packages | package | texlive-sudokubundle-doc | Documentation for texlive-sudokub-> | package | yast2-sudo | YaST2 - sudo configuration | package
获取有关sudo包的信息
运行以下zypper:
# zypper info sudo
输出示例:
Loading repository data... Reading installed packages... Information for package sudo: ---------------------------- Repository : openSUSE-Leap-15.1-Update Name : sudo Version : 1.8.22-lp151.5.3.1 Arch : x86_64 Vendor : openSUSE Installed Size : 2.7 MiB Installed : No Status : not installed Source package : sudo-1.8.22-lp151.5.3.1.src Summary : Execute some commands as root Description : Sudo is a command that allows users to execute some commands as root. The /etc/sudoers file (edited with 'visudo') specifies which users have access to sudo and which commands they can run. Sudo logs all its activities to syslogd, so the system administrator can keep an eye on things. Sudo asks for the password for initializing a check period of a given time N (where N is defined at installation and is set to 5 minutes by default).
第2步OpenSUSE使用zypper安装sudo
现在您知道如何搜索和查找sudo软件包,是时候安装相同的软件包了:
# zypper in sudo
安装sudo以使用sudo管理系统
步骤3在OpenSUSE上配置sudo
接下来,我们需要为用户帐户启用sudo访问,运行:
# visudo
确保存在以下行:
#includedir /etc/sudoers.d
接下来查找并注释掉以下两行,以便只有wheel组中的用户可以运行sudo命令:
#Defaults targetpw # ask for the password of the target user i.e. root #ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!
保存并关闭文件。
配置sudo wheel组
创建一个新的配置文件,如下所示:
# visudo -f /etc/sudoers.d/wheel-users
追加以下配置:
# Allow members of group wheel to execute any command %wheel ALL=(ALL) ALL
保存并关闭文件,方法是按ESC键,然后按:x键。
如何设置和用户组访问
首先,使用groupadd命令添加一个名为wheel的新组:
# groupadd wheel
在grep命令和/etc/group文件的帮助下进行验证:
# grep ^wheel /etc/group
接下来,我将添加现有的名为Hyman的用户到轮组,如下所示:
# usermod -aG wheel {username} # usermod -aG wheel Hyman
使用id命令验证:
id Hyman
如何以root权限运行应用程序或者命令
wheel组的所有成员都可以使用以下语法运行sudo命令
sudo command sudo command arg1 arg2 sudo ls -l /etc/shadow sudo systemctl restart nginx.service
要获得root shell:
sudo -i
在我的OpenSUSE Linux服务器上执行sudo
禁用基于ssh的根访问(可选)
首先,使用ssh-copy-id命令在远程/定位OpenSUSE Linux服务器中为Hyman用户安装ssh密钥:
ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
或者
ssh-copy-id -i ~/.ssh/id_ed25519.pub [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/Hyman/.ssh/id_ed25519.pub" /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys Password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh '[email protected]'" and check to make sure that only the key(s) you wanted were added.
确认您可以登录并使用sudo:
ssh [email protected] sudo -i
最后,在您的OpenSUSE Linux上,编辑/etc/ssh/sshd_config,运行:
# vi /etc/ssh/sshd_config
如下更新:
## disable all password login including root user login ## ChallengeResponseAuthentication no PasswordAuthentication no PermitRootLogin no UsePAM no
重新启动或者重新加载OpenSSHD服务:
# systemctl restart sshd.service