Bambanci Tsakanin su da sudo da Yadda ake saita sudo a cikin Linux

Tsarin Linux yana da tsaro sosai fiye da kowane takwaransa. Ɗaya daga cikin hanyoyin aiwatar da tsaro a cikin Linux shine manufofin sarrafa mai amfani da izinin mai amfani kuma masu amfani na yau da kullun ba su da izinin yin kowane tsarin aiki.

Idan mai amfani na yau da kullun yana buƙatar yin kowane sauye-sauye na tsarin yana buƙatar amfani da ko dai 'su' ko 'sudo' umarni.

NOTE - Wannan labarin ya fi dacewa ga rarrabawar tushen Ubuntu, amma kuma ya dace da yawancin shahararrun rarraba Linux.

‘su‘ yana tilasta ku raba tushen kalmar sirrin ku ga sauran masu amfani yayin da ‘sudo’ yana ba da damar aiwatar da umarnin tsarin ba tare da kalmar sirri ta tushenba. 'sudo' yana baka damar amfani da kalmar sirrinka don aiwatar da umarnin tsarin watau wakilan tsarin alhakin ba tare da kalmar sirri ta tushen.

'sudo' shine tushen binarysetuid, wanda ke aiwatar da umarnin tushen a madadin masu amfani da izini kuma masu amfani suna buƙatar shigar da kalmar sirrin kansu don aiwatar da umarnin tsarin sannan 'sudo'.

Za mu iya gudu '/ usr/sbin/visudo'don ƙara/cire jerin masu amfani waɗanda za su iya aiwatar da 'sudo'.

$ sudo /usr/sbin/visudo

Hoton allo na fayil '/ usr/sbin/visudo', yayi kama da wani abu kamar haka:

Jerin sudo yayi kama da kirtani na ƙasa, ta tsohuwa:

root ALL=(ALL) ALL

Lura: Dole ne ku zama tushen don shirya /usr/sbin/visudo fayil.

A yawancin yanayi, Mai Gudanar da Tsari, musamman sabo ga filin yana samun kirtani \tushen ALL=(ALL) ALL azaman samfuri kuma yana ba da dama ga wasu mara iyaka wanda zai iya zama mai cutarwa sosai.

Gyara fayil ɗin '/ usr/sbin/visudo' zuwa wani abu kamar tsarin da ke ƙasa na iya zama haɗari sosai, sai dai idan kun yi imani da duk masu amfani da aka jera gaba ɗaya.

root ALL=(ALL) ALL
adam ALL=(ALL) ALL
tom ALL=(ALL) ALL
mark ALL=(ALL) ALL

Daidaitaccen 'sudo' yana da sassauƙa sosai kuma adadin umarni da ke buƙatar aiwatarwa ana iya daidaita su daidai.

Haɗin kai na daidaita layin 'sudo' shine:

User_name Machine_name=(Effective_user) command

Za'a iya raba mahaɗin da ke sama zuwa sassa huɗu:

1. User_name: Wannan shine sunan mai amfani da 'sudo'.
2. Machine_name: Wannan shine sunan mai masaukin baki, wanda umarnin 'sudo' yake aiki. Yana da amfani idan kuna da injina masu yawa.
3. (Effective_user): 'Mai amfani mai inganci' wanda aka yarda ya aiwatar da umarni. Wannan rukunin yana ba ku damar masu amfani don aiwatar da Dokokin Tsari.
4. Umurni: umarni ko saitin umarni waɗanda mai amfani zai iya aiki.

Wasu daga cikin Halayen, da madaidaicin layin 'sudo':

Q1. Kuna da alamar mai amfani wanda shine Mai Gudanar da Database. Ya kamata ku samar masa da duk hanyar shiga Database Server (beta.database_server.com) kawai, kuma ba akan kowane mai watsa shiri ba.

Don yanayin da ke sama ana iya rubuta layin 'sudo' kamar:

mark beta.database_server.com=(ALL) ALL

Q2. Kuna da mai amfani 'tom' wanda ya kamata ya aiwatar da umarnin tsarin a matsayin mai amfani ban da tushen tushen Database guda ɗaya, sama da Bayani.

Don yanayin da ke sama ana iya rubuta layin 'sudo' kamar:

mark beta.database_server.com=(tom) ALL

Q3. Kuna da sudo mai amfani 'cat' wanda ya kamata ya gudanar da umarni 'kare' kawai.

Don aiwatar da yanayin da ke sama, za mu iya rubuta 'sudo' kamar:

mark beta.database_server.com=(cat) dog

Q4. Idan mai amfani yana buƙatar ba da umarni da yawa fa?

Idan adadin umarni, mai amfani ya kamata ya gudu yana ƙasa da 10, zamu iya sanya duk umarni tare, tare da farin sarari a tsakanin su, kamar yadda aka nuna a ƙasa:

mark beta.database_server.com=(cat) /usr/bin/command1 /usr/sbin/command2 /usr/sbin/command3 ...

Idan wannan jerin umarni ya bambanta zuwa kewayon, inda a zahiri ba zai yiwu a buga kowane umarni da hannu ba muna buƙatar amfani da alases. Laƙabi! Ee mai amfani na Linux inda za'a iya kiran umarni mai tsawo ko jerin umarni azaman ƙarami kuma mai sauƙi keyword.

Kadan aliasMisalai, waɗanda za a iya amfani da su a wurin shigarwa a cikin fayil ɗin daidaitawa na 'sudo'.

User_Alias ADMINS=tom,jerry,adam
user_Alias WEBMASTER=henry,mark

WEBMASTERS WEBSERVERS=(www) APACHE
Cmnd_Alias PROC=/bin/kill,/bin/killall, /usr/bin/top

Yana yiwuwa a ƙayyade Ƙungiyoyin Tsari, a madadin masu amfani, waɗanda ke cikin wannan rukunin kawai suna ƙara '%' kamar ƙasa:

%apacheadmin WEBSERVERS=(www) APACHE

Q5. Yaya game da aiwatar da umurnin 'sudo' ba tare da shigar da kalmar sirri ba?

Za mu iya aiwatar da umarnin 'sudo' ba tare da shigar da kalmar wucewa ta amfani da tutar 'NOPASSWD' ba.

adam ALL=(ALL) NOPASSWD: PROCS

Anan mai amfani da ‘adam’ zai iya aiwatar da duk umarnin da aka lakafta a karkashin \PROCS, ba tare da shigar da kalmar sirri ba.

\sudo yana ba ku ƙaƙƙarfan yanayi mai aminci tare da ɗimbin sassauci idan aka kwatanta da 'su'. Haka kuma tsarin sudo yana da sauƙi. Wasu rabe-raben Linux suna da ''sudo'' ta tsohuwa kunna yayin da yawancin distros na yau suna buƙatar kunna shi azaman Ma'aunin Tsaro.

Don ƙara mai amfani (bob) zuwa sudo kawai gudanar da umarnin da ke ƙasa azaman tushen.

adduser bob sudo

Shi ke nan a yanzu. Zan sake kasancewa a nan tare da wani labari mai ban sha'awa. Har sai a saurara kuma ku haɗa zuwa Tecment. Kar ku manta da samar mana da ra'ayoyinku masu mahimmanci a cikin sashin sharhinmu.