添加用户和设置密码
useradd zhangsan echo "zhangsan" | passwd --stdin zhangsan useradd lisi echo "lisi" | passwd --stdin lisi useradd wangwu echo "wangwu" | passwd --stdin wangwu useradd liuzi echo "liuzi" | passwd --stdin liuzi
查看是否安装软件
rpm -qa|egrep "sudo|rsyslog" chmod +w /etc/sudoers
添加rsyslog记录日志
echo "Defaults logfile=/var/log/sudo.log" >>/etc/sudoers
编辑添加授权用户
#chmod +w /etc/sudoers
#vim /etc/sudoers guoyibiao ALL=(ALL:ALL) NOPASSWD:ALL chenanbin ALL=(ALL:ALL) NOPASSWD:ALL luyang ALL=(ALL:ALL) NOPASSWD:ALL zengxueling ALL=(ALL:ALL) NOPASSWD:ALL #尾部加入不允许更改密码、不允许使用的命令 User_Alias DEVELOPER = some,zhansan,lisi,wangwu,liuzi DEVELOPER ALL=(ALL) NOPASSWD: ALL,!/bin/bash,!/bin/su,!/bin/su root,!/bin/su -,!/bin/su - root,!/usr/bin/sudo,!/usr/bin/chattr,!/usr/sbin/useradd,!/usr/sbin/userdel,!/usr/bin/passwd,/usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root, !/usr/bin/ssh Defaults logfile=/var/log/sudo.log #chmod -w /etc/sudoers #visudo -c #tail -1 /etc/rsyslog.conf local2.debug /var/log/sudo.log #systemctl restart rsyslog
其实也可以将用户添加到某个组对组进行细化授权
#使用授权账号进行测试
tail -f /var/log/sudo.log