刚安装好的ubuntu默认是可以通过sudo su进入到root,sudo su之后输入的密码就是当前普通用户的密码,并不是root的密码;
centos默认不允许用户通过sudo切换用户,切换时会报这样的错误:
[zhanghe@localhost ~]$ sudo root [sudo] zhanghe 的密码: zhanghe 不在 sudoers 文件中。此事将被报告。
#centos的sudo配置文件 [root@localhost ~]# cat /etc/sudoers | grep -v "^#" | grep -v "^$" Defaults !visiblepw Defaults always_set_home Defaults match_group_by_gid Defaults always_query_group_plugin Defaults env_reset Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS" Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE" Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES" Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE" Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY" Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin root ALL=(ALL) ALL %wheel ALL=(ALL) ALL
# ubuntu的sudo配置文件 root@wptest:/home/bresee# cat /etc/sudoers | grep -v "^$" | grep -v "^#" Defaults env_reset Defaults mail_badpass Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin" root ALL=(ALL:ALL) ALL %admin ALL=(ALL) ALL %sudo ALL=(ALL:ALL) ALL
默认情况下,admin和sudo这两个组的成员可使用sudo
# User privilege specification root ALL=(ALL:ALL) ALL # Members of the admin group may gain root privileges %admin ALL=(ALL) ALL # Allow members of group sudo to execute any command %sudo ALL=(ALL:ALL) ALL
查看下当前用户(test)所属的组,其中有sudo,因此具有运行sudo的权限。
$ groups test adm cdrom sudo dip plugdev lpadmin sambashare vboxusers kvm libvirtd
然后将test从sudo组中删除,
$ sudo gpasswd -d test sudo
重启,再查看test所属组,已经没有sudo了。
$ groups test adm cdrom dip plugdev lpadmin sambashare vboxusers kvm libvirtd
