CentOS7配置sudo
如果一些用户共享权限,配置sudo是为了分离用户的职责
1. 将root 的权限传递给所有用户
[root@centos7 ~]# visudo
添加下面的内容到最后一行,使jack拥有root的所有权限
jack ALL=(ALL) ALL
[root@centos7 ~]# su - jack
Last login: Fri Oct 27 06:52:31 CST 2017 from 192.168.1.100 on pts/0
[jack@centos7 ~]$ /usr/bin/cat /etc/shadow
/usr/bin/cat: /etc/shadow: Permission denied
[jack@centos7 ~]$ sudo /usr/bin/cat /etc/shadow
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for jack:
root:$6$LpF2wUDowE.JSaw1$Gg8PQluOh2el9dFgzsgd/YwiCy9pw9.nAVvmV3lQwwj9gbZqySmsU2xxvvPId1mJ6mUSd04FPMhD.1jV5aKpp0::0:99999:7:::
bin:*:17110:0:99999:7:::
daemon:*:17110:0:99999:7:::
adm:*:17110:0:99999:7:::
lp:*:17110:0:99999:7:::
2. 配置一些命令不能通过sudo执行
[root@centos7 ~]# visudo
在Cmnd_Alias后一行添加
Cmnd_Alias USERMGR = /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/usermod, /usr/bin/passwd'
在最后一行添加
%usermgr ALL=(ALL) USERMGR
[root@centos7 ~]# groupadd usermgr
[root@centos7 ~]# usermod -G usermgr jack
[jack@centos7 ~]# sudo /usr/sbin/useradd testuser
[jack@centos7 ~]# sudo /usr/bin/passwd testuser
Changing password for user testuser.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
3. 传递root的部分权限到用户的sudo
[root@centos7 ~]# visudo
添加下面的内容到最后一行,使各用户拥有root的部分权限
jack ALL=(ALL) /usr/sbin/visudo
fedora ALL=(ALL) /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/usermod, /usr/bin/passwd
ubuntu ALL=(ALL) /bin/vi