??????????Linux???????????UNIX???????????root????????????????????????????????????????????Щ????????????????????????
???????????в????????????????????????????sudo?????????д?????????????й????????????
????????Щ???????????root???????(???????????????)??????ζ?????????????????su???????root????????????sudo???????????root(??????????????)????????????????????????
?????????????/etc/sudoers???????????????????
???????????????????????????(?????????????????????????????????????NOPASSWD????????????)??
??????????sudo??????????setuid()?????????????л?????????????
????????????????shell???????????????????и???????????
?????????10??/etc/sudoers?????????????sudo?????DefaultsЧ??????????
????$ sudo cat /etc/sudoers
????/etc/sudoers???
# # This file MUST be edited with the 'visudo' command as root.
# # Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
# # See the man page for details on how to write a sudoers file.
# Defaults
env_reset Defaults
mail_badpass Defaults
secure_path="/usr/local/sbin:/usr/local/
bin:/usr/sbin:/usr/bin:/sbin:/bin" Defaults
logfile="/var/log/sudo.log" Defaults lecture="always" Defaults
badpass_message="Password is wrong?? please try again" Defaults
passwd_tries=5 Defaults insults Defaults log_input??log_output
????Defaults???????
Defaults parameter?? parameter_list #affect all users on any host
Defaults@Host_List parameter?? parameter_list #affects all users on a
specific host Defaults:User_List parameter?? parameter_list #affects a
specific user Defaults!Cmnd_List parameter?? parameter_list #affects a
specific command Defaults>Runas_List parameter?? parameter_list #affects
commands being run as a specific user
???????????????????????????????Defaults??????????????????????????????????????б??
???????????????????????boolean???????'!'????????й?????????????????????+=(??????б?)??-=(??????б?)??
????Defaults parameter OR Defaults parameter=
????value OR Defaults parameter -=
????value Defaults parameter +=value OR Defaults !parameter
????1. ???e??PATH
??????????????????sudo???????????·???????а??????????
???????????????????sudo?????????PATH???????????á?
???????????root path??user path????????exempt_group?????????????????
??????????????????????????У?
????Defaults
????secure_path="
????/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
????2. ??TTY??????????????sudo
??????????????tty????sudo?????????cron????cgi-bin??????????
????Defaults requiretty
????3.????pty????sudo????
????????????????????sudo???ж??????(???粡????????????)??????????????????к?????????????豸??fork???????????
???????????????????????????use_pty????????sudo??????????????psuedo-pty??????????????????I/O?????????
????Defaults use_pty
????4.???????sudo??????
?????????????£?sudo?????syslog(3)????????????????????????????????????????logfile??????
????Defaults logfile="/var/log/sudo.log"
??????????????????м??????????????λ????????????????log_host??log_year??????
????Defaults log_host?? log_year?? logfile="/var/log/sudo.log"
?????????????sudo???????????

????5.???sudo?????????/??????
????????????log_input??log_output?????sudo??????pseudo-tty???????????????????????????????????????
???????I/O??????/var/log/sudo-io????????д???????????к???????洢??????С??????????iolog_dir??????????????????
????Defaults log_input?? log_output
????%{seq}????????????????????????к?????????base-36???к??????000001?????????λ????????????????μ???????00/00/01????????????£?
????$ cd /var/log/sudo-io/ $ ls $ cd 00/00/01 $ ls $ cat log

????6.????sudo???
???????????sudo??????????????????????????lecture???????????趨????????
????always – ????????????
????once – ??????????????sudo?????????????(?????????????????)??
????never – ??????????????
????Defaults lecture="always"
????????????????????lecture_file???????????????lecture?????????????????????????
????Defaults lecture_file="/path/to/file"

????Lecture Sudo Users
????7.?????????sudo???????????????
?????????????????????????????????????????????????????????“sorry??try again”???????????badpass_message?????????????????
????Defaults badpass_message="Password is wrong?? please try again"
????8.????sudo?????????
????????passwd_tries???????????????????????????????
?????????????3??

????Defaults passwd_tries=5
??????????????(????5????)???????passwd_timeout?????????????£?
????Defaults passwd_timeout=2
????9.??????????????????sudo?????????????
???????????????????????sudo?????insults????????????????????????????badpass_message??????
????Defaults insults
????10.??????sudo????