sudo
Instead of using the root user account, unprivileged users can be configured for using administrator permissions on specific tasks by using sudo. When sudo is configured, ordinary users have sudo privileges and to use these privileges, they will start the command using sudo . So, instead of using commands like useradd as the root user, you use an ordinary user account and type sudo useradd . This is definitely more secure because you will only be able to act as if you have administrator permissions while running this specific command.
When creating Linux users during the installation process, you can select to grant administrator permissions to that specific user. If you select to do so, the user will be able to use all administrator commands using sudo. It is also possible to set up sudo privileges after installation. To do that in a very easy way, you have to accomplish a simple two-step procedure:
1. Make the administrative user account member of the group wheel by using usermod -aG wheel user .
2. Type visudo and make sure the line %wheel ALL=(ALL) ALL is included.
[rusky@rhel7 ~]$ useradd test --普通账号rusky是没有权限添加用户的 -bash: /usr/sbin/useradd: Permission denied [rusky@rhel7 ~]$ sudo useradd test --使用sudo提升到administrator权限失败 We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. [sudo] password for rusky: rusky is not in the sudoers file. This incident will be reported. [rusky@rhel7 ~]$ id rusky uid=1000(rusky) gid=1000(rusky) groups=1000(rusky) ========================================== 处理方法: [rusky@rhel7 ~]$ su - Password: Last login: Thu Jun 16 03:50:19 EDT 2016 from rhel7.com on pts/4 [root@rhel7 ~]# usermod -aG wheel rusky --执行这条命令 [root@rhel7 ~]# visudo -- ## Allows people in group wheel to run all commands %wheel ALL=(ALL) ALL [root@rhel7 ~]# su - rusky Last login: Thu Jun 16 04:06:56 EDT 2016 on pts/4 [rusky@rhel7 ~]$ useradd -bash: /usr/sbin/useradd: Permission denied [rusky@rhel7 ~]$ sudo useradd test --使用sudo 添加用户正常 [sudo] password for rusky:
=========================
[root@rhel7 ~]#usermod -aG wheel rusky ---修改用户,将用户rusky添加到附加组wheel组(系统默认就有这个组)
这个rusky用户是安装系统的过种中创建的;也可以在使用useradd -g root -G wheel -d /home/rusky2 -m rusky2 命令创建新用户时添加到附加wheel组。
-G, --groups GROUPS new list of supplementary GROUPS
-a, --append append the user to the supplemental GROUPS
=====
[root@rhel7 ~]# visudo
## Sudoers allows particular users to run various commands as
## the root user, without needing the root password
. ......
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL -- 取消注释此行