Sudo使用(linux用户授权)
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Sudo使用(linux用户授权)相关的知识,希望对你有一定的参考价值。
Sudo使用 |
作者:马鹏 归档:学习笔记 2017/11/09
|
目 录
如何给用户添加sudo权限
第1章 sudu介绍:
sudo为了解决、给非管理员root用户授权使用root的一些列命令而使用。
第2章 如何授权:
使用visudo 编辑配置文件第98行内容(系统环境不同行数也不一定相同)、在第98行插入授权信息:
2.1 授权用户单命令
实例2-1 授权peng用户 cat 命令
###授权前
[[email protected]]$ cat /etc/fstab
cat:/etc/fstab: Permission denied
##授权过程root操作:
#vim编辑插入下列行
98 root ALL=(ALL) ALL
99 peng ALL=(ALL) /usr/bin/cat
100
##验证结果
[[email protected]~]$ sudo -l
MatchingDefaults entries for peng on this host:
requiretty, !visiblepw, always_set_home,env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIRLS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS
LC_CTYPE", env_keep+="LC_COLLATELC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARYLC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALLLANGUAGE
LINGUAS _XKB_CHARSET XAUTHORITY",secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
User pengmay run the following commands on this host:
(ALL) /usr/bin/cat
###查看
[[email protected]~]$ cat /etc/fstab
cat:/etc/fstab: Permission denied
[[email protected]~]$ sudo cat /etc/fstab
#
#/etc/fstab
# Createdby anaconda on Fri Nov 21 18:16:53 2014
#
#Accessible filesystems, by reference, are maintained under ‘/dev/disk‘
# See manpages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=6634633e-001d-43ba-8fab-202f1df93339/ ext4 defaults,barrier=0 1 1
2.2 授权用户多命令
授权用户peng,ls命令和cat命令
#root执行授权过程
#命令的绝对路径
[[email protected]~]# which ls
aliasls=‘ls --color=auto‘
/usr/bin/ls
[[email protected]~]# which cat
/usr/bin/cat
#配置文件内容:
98 root ALL=(ALL) ALL
99 peng ALL=(ALL) /usr/bin/cat,/usr/bin/ls
## Allowsmembers of the ‘sys‘ group to run networking, software,
## servicemanagement apps and more.
##验证结果
[[email protected]~]$ sudo -l
[sudo]password for peng:
MatchingDefaults entries for peng on this host:
User pengmay run the following commands on this host:
(ALL) /usr/bin/cat, (ALL) /usr/bin/ls
[[email protected]~]$ sudo ls /root/
default.pass default.pass.bak edu list.md5 README.txt
[[email protected]~]$ ls /root/
ls: cannotopen directory /root/: Permission denied
[[email protected]~]$ sudo cat /etc/fstab
#
#/etc/fstab
# Createdby anaconda on Fri Nov 21 18:16:53 2014
#
#Accessible filesystems, by reference, are maintained under ‘/dev/disk‘
# See manpages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=6634633e-001d-43ba-8fab-202f1df93339/ ext4 defaults,barrier=0 1 1
[[email protected]~]$ cat /etc/fstab
cat:/etc/fstab: Permission denied
2.3 授权命令组、排除其中的个别命令
#授权命令路径
[[email protected]~]# ls /usr/bin/ |wc -l
1044
##授权/usr/bin/下的所有命令、排除rm命令
#root授权过程
## Allowroot to run any commands anywhere
root ALL=(ALL) ALL
peng ALL=(ALL) /usr/bin/*,!/usr/bin/rm
## Allowsmembers of the ‘sys‘ group to run networking, software,
##验证
[[email protected]~]$ sudo -l
[sudo]password for peng:
MatchingDefaults entries for peng on this host:
User pengmay run the following commands on this host:
(ALL) /usr/bin/*, (ALL) !/usr/bin/rm
[[email protected]~]$ sudo ls /root/
default.pass default.pass.bak edu list.md5 README.txt
[[email protected]~]$ sudo rm -rf /root/list.md5
Sorry, userpeng is not allowed to execute ‘/bin/rm -rf /root/list.md5‘ as root onmapeng-edu.
[[email protected]~]$ sudo cat /root/list.md5
81f349ed6e7de0a7f230c184f8735fdb default.pass
81f349ed6e7de0a7f230c184f8735fdb default.pass.bak
2.4 授权---不需要输入密码
##授权过程
## Allowroot to run any commands anywhere
root ALL=(ALL) ALL
peng ALL=(ALL) NOPASSWD:/usr/bin/*,!/usr/bin/rm
## Allowsmembers of the ‘sys‘ group to run networking, software,
##授权不在要求输入密码
[[email protected]~]$ sudo -l
MatchingDefaults entries for peng on this host:
LINGUAS _XKB_CHARSET XAUTHORITY",secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
User pengmay run the following commands on this host:
(ALL) NOPASSWD: /usr/bin/*, (ALL)!/usr/bin/rm
本文出自 “小马哥” 博客,请务必保留此出处http://oldma.blog.51cto.com/12664250/1981367
以上是关于Sudo使用(linux用户授权)的主要内容,如果未能解决你的问题,请参考以下文章