####################################################################
## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.
## Examples are provided at the bottom of the file for collections
## of related commands, which can then be delegated out to particular
## users or groups.
## (Replace the users and groups in these examples with the ones on your own system.)
## This file must be edited with the 'visudo' command.
## Host Aliases
## Groups of machines. You may prefer to use hostnames (perhaps using
## wildcards for entire domains) or IP addresses instead.
# Host_Alias     FILESERVERS = fs1, fs2
# Host_Alias     MAILSERVERS = smtp, smtp2
## User Aliases
## These aren't often necessary, as you can use regular groups (i.e.,
## from files, LDAP, NIS, etc.) in this file - just use %groupname
## rather than USERALIAS.
# User_Alias yyc = yyc
## Command Aliases
## These are groups of related commands...
#
# Disable "ssh hostname sudo <cmd>", because it will show the password in clear.
# You have to run "ssh -t hostname sudo <cmd>".
#
Defaults    requiretty
Defaults    env_reset
Defaults    env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR \
                        LS_COLORS MAIL PS1 PS2 QTDIR USERNAME \
                        LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION \
                        LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC \
                        LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS \
                        _XKB_CHARSET XAUTHORITY"
## Next comes the main part: which users can run what software on
## which machines (the sudoers file can be shared between multiple
## systems).
## Syntax:
##
##      user    MACHINE=COMMANDS
##
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
## Uncomment the line above to enable this, changing 'sys' to a group
## on your own machine. The same applies to the rules below.
## Allows people in group wheel to run all commands
## (they must still enter their own password when using sudo).
# %wheel ALL=(ALL) ALL
## Same thing without a password
## (I changed my system here so that I can use the sudo command directly.)
# %wheel ALL=(ALL) NOPASSWD: ALL
%yyc ALL=(ALL) NOPASSWD: ALL

## Allows members of the users group to mount and unmount the
## cdrom as root
# %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
## Allows members of the users group to shutdown this system
# %users localhost=/sbin/shutdown -h now
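
An added example, not part of the original file: a small audit script that reads sudoers text and reports rules granting NOPASSWD on ALL commands, plus rules that reference a Cmnd_Alias the file never defines (this file's Command Aliases section lists none). The sample input is constructed from the rules above, and the parsing is a simplification of the real sudoers grammar.

```python
import re

# Constructed sample: the active rules from the file above, with the %sys
# example uncommented (trimmed to two aliases) to show the second check.
SAMPLE = """\
Defaults    requiretty
root    ALL=(ALL)       ALL
# %wheel  ALL=(ALL)       NOPASSWD: ALL
%yyc    ALL=(ALL)       NOPASSWD: ALL
%sys    ALL = NETWORKING, SERVICES
%users  localhost=/sbin/shutdown -h now
"""

DIRECTIVE = re.compile(r"^(Defaults|(Host|User|Runas|Cmnd)_Alias)\b")
ALIAS_DEF = re.compile(r"^Cmnd_Alias\s+([A-Z][A-Z0-9_]*)\s*=")

def logical_lines(text):
    """Join backslash continuations, then drop comments and blank lines."""
    for line in re.sub(r"\\\n", " ", text).splitlines():
        line = line.split("#", 1)[0].strip()  # simplification: '#' always starts a comment
        if line:
            yield line

def audit(text):
    """Return (principal, finding) pairs for risky or broken user rules."""
    lines = list(logical_lines(text))
    defined = {m.group(1) for m in map(ALIAS_DEF.match, lines) if m}
    findings = []
    for line in lines:
        if DIRECTIVE.match(line) or "=" not in line:
            continue
        principal = line.split()[0]
        spec = re.sub(r"^\s*\([^)]*\)", "", line.split("=", 1)[1])  # drop (runas)
        tags = set(re.findall(r"\b([A-Z]+):", spec))                # e.g. NOPASSWD
        cmds = [c.strip() for c in re.sub(r"\b[A-Z]+:", "", spec).split(",")]
        if "ALL" in cmds and "NOPASSWD" in tags:
            findings.append((principal, "NOPASSWD on ALL commands"))
        for c in cmds:
            if re.fullmatch(r"[A-Z][A-Z0-9_]*", c) and c not in defined | {"ALL"}:
                findings.append((principal, f"undefined Cmnd_Alias {c}"))
    return findings

if __name__ == "__main__":
    for principal, finding in audit(SAMPLE):
        print(f"{principal}: {finding}")
```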