  • The sudo service on Linux

    1. On Linux, the sudo service lets ordinary users run commands that require higher privileges

    Use the sudo -l command to check whether the user has sudo privileges:

    [root@linuxprobe test]# ls
    [root@linuxprobe test]# whoami
    root
    [root@linuxprobe test]# su - liujiaxin01
    Last login: Wed Oct 21 17:00:37 CST 2020 from 192.168.3.4 on pts/2
    [liujiaxin01@linuxprobe ~]$ sudo -l  ## check whether the user has sudo privileges
    [sudo] password for liujiaxin01:
    Sorry, user liujiaxin01 may not run sudo on linuxprobe.

    2. How to grant sudo privileges

    [liujiaxin01@linuxprobe ~]$ exit
    logout
    [root@linuxprobe test]# whoami
    root
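    [root@linuxprobe test]# visudo  ## edit the sudo configuration file
    ## Add the following line below the "root    ALL=(ALL)       ALL" line (see the figure below), save, then exit; editing works the same as in vim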
    liujiaxin01     ALL=(ALL)       ALL

    3. Check the effect of the addition

    [root@linuxprobe test]# su - liujiaxin01
    Last login: Wed Oct 21 17:12:50 CST 2020 on pts/0
    [liujiaxin01@linuxprobe ~]$ whoami
    liujiaxin01
    [liujiaxin01@linuxprobe ~]$ sudo -l  ## check sudo privileges
    [sudo] password for liujiaxin01:
    Matching Defaults entries for liujiaxin01 on this host:
        requiretty, !visiblepw, always_set_home, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS",
        env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT
        LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS
        _XKB_CHARSET XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
    
    User liujiaxin01 may run the following commands on this host:
        (ALL) ALL
    [liujiaxin01@linuxprobe ~]$ useradd liujiaxin05  ## test creating a new user as an ordinary user
    -bash: /usr/sbin/useradd: Permission denied
    [liujiaxin01@linuxprobe ~]$ sudo useradd liujiaxin05  ## with sudo, the new user can be created
    [liujiaxin01@linuxprobe ~]$ tail -n 5 /etc/passwd
    tcpdump:x:72:72::/:/sbin/nologin
    linuxprobe:x:1000:1000:linuxprobe:/home/linuxprobe:/bin/bash
    apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
    liujiaxin01:x:1001:1001::/home/liujiaxin01:/bin/bash
    liujiaxin05:x:1002:1002::/home/liujiaxin05:/bin/bash

    4. How to remove sudo privileges

    [liujiaxin01@linuxprobe ~]$ exit
    logout
    [root@linuxprobe test]# whoami
    root
    [root@linuxprobe test]# visudo  ## edit the sudo configuration file and comment out or delete the user's sudo rule (commented out in the figure below)
    [root@linuxprobe test]# su - liujiaxin01
    Last login: Wed Oct 21 17:20:34 CST 2020 on pts/0
    [liujiaxin01@linuxprobe ~]$ whoami
    liujiaxin01
    [liujiaxin01@linuxprobe ~]$ sudo -l
    [sudo] password for liujiaxin01:
    Sorry, user liujiaxin01 may not run sudo on linuxprobe.

    5. How to grant a user only some privileges

    ## Test the cat command before granting privileges; /etc/shadow stores user password hashes, and only root can view it with cat
    [root@linuxprobe test]# ls
    [root@linuxprobe test]# su - liujiaxin01
    Last login: Wed Oct 21 17:26:51 CST 2020 on pts/0
    [liujiaxin01@linuxprobe ~]$ whoami
    liujiaxin01
    [liujiaxin01@linuxprobe ~]$ sudo -l
    [sudo] password for liujiaxin01:
    Sorry, user liujiaxin01 may not run sudo on linuxprobe.
    [liujiaxin01@linuxprobe ~]$ cat /etc/shadow  ## an ordinary user has no permission
    cat: /etc/shadow: Permission denied
    ## Test granting an ordinary user root privileges for only some commands
    [liujiaxin01@linuxprobe ~]$ exit
    logout
    [root@linuxprobe test]# whoami
    root
    [root@linuxprobe test]# whereis cat  ## find the command's location
    cat: /usr/bin/cat /usr/share/man/man1/cat.1.gz /usr/share/man/man1p/cat.1p.gz
    [root@linuxprobe test]#
    [root@linuxprobe test]# visudo  ## edit the sudo configuration file; add the following below "root    ALL=(ALL)       ALL"
    liujiaxin01     ALL=(ALL)       /usr/bin/cat  ## see the figure below
    [root@linuxprobe test]# su - liujiaxin01
    Last login: Wed Oct 21 17:30:54 CST 2020 on pts/0
    [liujiaxin01@linuxprobe ~]$ whoami
    liujiaxin01
    [liujiaxin01@linuxprobe ~]$ sudo -l  ## check sudo privileges
    [sudo] password for liujiaxin01:
    Matching Defaults entries for liujiaxin01 on this host:
        requiretty, !visiblepw, always_set_home, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS",
        env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT
        LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS
        _XKB_CHARSET XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

    User liujiaxin01 may run the following commands on this host:
        (ALL) /usr/bin/cat
    [liujiaxin01@linuxprobe ~]$ cat /etc/shadow  ## an ordinary user cannot view it
    cat: /etc/shadow: Permission denied
    [liujiaxin01@linuxprobe ~]$ sudo cat /etc/shadow | head -n 5  ## with sudo, view the first 5 lines
    root:$6$IBEi.cy6$jVDcYM9yAlrcfbkzusxvt2mTNXbbajsx6TaZ7m7HHeADpm5m5BoznmgtkFdEo28JkWJ6uD6p2SNpWvFy0zQ/k1:18554:0:99999:7:::
    bin:*:16141:0:99999:7:::
    daemon:*:16141:0:99999:7:::
    adm:*:16141:0:99999:7:::
    lp:*:16141:0:99999:7:::

    Note: to remove a user's partial privileges, just delete or comment out the added line in the sudo configuration file

    6. Add the NOPASSWD option so that sudo commands run without entering the ordinary user's password

    [root@linuxprobe test]# whoami
    root
    [root@linuxprobe test]# visudo  ## edit the sudo configuration file, ALL=NOPASSWD: (see the figure below)
    [root@linuxprobe test]# su - liujiaxin01
    Last login: Wed Oct 21 17:36:23 CST 2020 on pts/0
    [liujiaxin01@linuxprobe ~]$ whoami
    liujiaxin01
    [liujiaxin01@linuxprobe ~]$ sudo -l
    Matching Defaults entries for liujiaxin01 on this host:
        requiretty, !visiblepw, always_set_home, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS",
        env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT
        LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS
        _XKB_CHARSET XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
    
    User liujiaxin01 may run the following commands on this host:
        (root) NOPASSWD: /usr/bin/cat
    [liujiaxin01@linuxprobe ~]$ sudo cat /etc/shadow | head -n 3
    root:$6$IBEi.cy6$jVDcYM9yAlrcfbkzusxvt2mTNXbbajsx6TaZ7m7HHeADpm5m5BoznmgtkFdEo28JkWJ6uD6p2SNpWvFy0zQ/k1:18554:0:99999:7:::
    bin:*:16141:0:99999:7:::
    daemon:*:16141:0:99999:7:::
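
The rules from sections 5 and 6, checked by an added example (not part of the original post): a sudoers rule that names `/usr/bin/cat` without arguments accepts any arguments, which is why `sudo cat /etc/shadow` works above, and `NOPASSWD:` removes the password prompt on top of that. The `audit_sudoers` and `sample_sudoers` functions and the `/var/log/messages` rule are assumptions made for illustration; only simple one-line user rules are handled (no aliases or line continuations).

```shell
#!/usr/bin/env bash
# Added example: flag broad grants in sudoers-style user rules.
# Scope (assumption): one-line "user host=(runas) [NOPASSWD:] cmd[, cmd]" rules.

# Constructed sample mirroring the rules used in this post, plus one
# narrowed rule (the /var/log/messages path is illustrative).
sample_sudoers() {
cat <<'EOF'
root            ALL=(ALL)       ALL
liujiaxin01     ALL=(ALL)       ALL
liujiaxin01     ALL=(ALL)       /usr/bin/cat   ## partial grant
liujiaxin01     ALL=NOPASSWD:   /usr/bin/cat
liujiaxin01     ALL=(root)      /usr/bin/cat /var/log/messages
EOF
}

# Reads sudoers text on stdin; prints "user<TAB>finding<TAB>command".
audit_sudoers() {
    awk '
    /^[ \t]*(#|$)/ { next }                       # comment or blank line
    /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }  # not a user rule
    {
        sub(/[ \t]*#.*$/, "")                     # strip trailing comment
        eq = index($0, "=")
        if (eq == 0 || $1 == "root") next         # root ALL is expected
        user = $1
        spec = substr($0, eq + 1)
        sub(/^[ \t]*\([^)]*\)[ \t]*/, "", spec)   # drop the (runas) part
        nopw = gsub(/NOPASSWD:[ \t]*/, "", spec)  # tag treated as line-wide
        n = split(spec, cmds, ",")
        for (i = 1; i <= n; i++) {
            c = cmds[i]
            gsub(/^[ \t]+|[ \t]+$/, "", c)
            if (c == "") continue
            if (nopw)              print user "\tnopasswd\t" c
            if (c == "ALL")        print user "\tall-commands\t" c
            else if (c !~ /[ \t]/) print user "\tany-arguments\t" c
        }
    }'
}

sample_sudoers | audit_sudoers
```

The last sample rule, which pins the file argument, produces no finding; `visudo -c` checks sudoers syntax but does not flag grants like these.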

  • Original article: https://www.cnblogs.com/liujiaxin2018/p/13853631.html