Using sudo
Author: 马鹏  Filed under: Study notes  2017/11/09
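How to grant sudo privileges to a user
sudo exists so that non-root users can be authorized to run a set of commands as root.
Use visudo to edit the configuration file and insert the authorization entry at line 98 (the line number varies between system environments):
2.1 Authorizing a single command for a user
Example 2-1: Authorizing the cat command for user peng
###Before authorization
[peng@mapeng-edu etc]$ cat /etc/fstab
cat: /etc/fstab: Permission denied
[peng@mapeng-edu etc]$
##Authorization steps (performed as root):
#Insert the following lines with vim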
98 root ALL=(ALL) ALL
99 peng ALL=(ALL) /usr/bin/cat
100
##Verify the result
[peng@mapeng-edu ~]$ sudo -l
Matching Defaults entries for peng on this host:
requiretty, !visiblepw, always_set_home, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS
LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE
LINGUAS _XKB_CHARSET XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
User peng may run the following commands on this host:
(ALL) /usr/bin/cat
[peng@mapeng-edu ~]$
###Check
[peng@mapeng-edu ~]$ cat /etc/fstab
cat: /etc/fstab: Permission denied
[peng@mapeng-edu ~]$ sudo cat /etc/fstab
#
# /etc/fstab
# Created by anaconda on Fri Nov 21 18:16:53 2014
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=6634633e-001d-43ba-8fab-202f1df93339 / ext4 defaults,barrier=0 1 1
[peng@mapeng-edu ~]$
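2.2 Authorizing multiple commands for a user
Authorize the ls and cat commands for user peng
#Authorization steps performed as root
#Absolute paths of the commands
[root@mapeng-edu ~]# which ls
alias ls='ls --color=auto'
/usr/bin/ls
[root@mapeng-edu ~]# which cat
/usr/bin/cat
[root@mapeng-edu ~]#
#Configuration file contents: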
98 root ALL=(ALL) ALL
99 peng ALL=(ALL) /usr/bin/cat,/usr/bin/ls
## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
##Verify the result
[peng@mapeng-edu ~]$ sudo -l
[sudo] password for peng:
Matching Defaults entries for peng on this host:
User peng may run the following commands on this host:
(ALL) /usr/bin/cat, (ALL) /usr/bin/ls
[peng@mapeng-edu ~]$
[peng@mapeng-edu ~]$ sudo ls /root/
default.pass default.pass.bak edu list.md5 README.txt
[peng@mapeng-edu ~]$ ls /root/
ls: cannot open directory /root/: Permission denied
[peng@mapeng-edu ~]$ sudo cat /etc/fstab
#
# /etc/fstab
# Created by anaconda on Fri Nov 21 18:16:53 2014
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=6634633e-001d-43ba-8fab-202f1df93339 / ext4 defaults,barrier=0 1 1
[peng@mapeng-edu ~]$ cat /etc/fstab
cat: /etc/fstab: Permission denied
[peng@mapeng-edu ~]$
#Authorizing a command path
[root@mapeng-edu ~]# ls /usr/bin/ |wc -l
1044
[root@mapeng-edu ~]#
##Authorize all commands under /usr/bin/, excluding the rm command
#Authorization steps performed as root
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
peng ALL=(ALL) /usr/bin/*,!/usr/bin/rm
## Allows members of the 'sys' group to run networking, software,
##Verify
[peng@mapeng-edu ~]$ sudo -l
[sudo] password for peng:
Matching Defaults entries for peng on this host:
User peng may run the following commands on this host:
(ALL) /usr/bin/*, (ALL) !/usr/bin/rm
[peng@mapeng-edu ~]$ sudo ls /root/
default.pass default.pass.bak edu list.md5 README.txt
[peng@mapeng-edu ~]$ sudo rm -rf /root/list.md5
Sorry, user peng is not allowed to execute '/bin/rm -rf /root/list.md5' as root on mapeng-edu.
[peng@mapeng-edu ~]$ sudo cat /root/list.md5
81f349ed6e7de0a7f230c184f8735fdb default.pass
81f349ed6e7de0a7f230c184f8735fdb default.pass.bak
[peng@mapeng-edu ~]$
##Authorization steps
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
peng ALL=(ALL) NOPASSWD:/usr/bin/*,!/usr/bin/rm
## Allows members of the 'sys' group to run networking, software,
##The authorization no longer asks for a password
[peng@mapeng-edu ~]$ sudo -l
Matching Defaults entries for peng on this host:
LINGUAS _XKB_CHARSET XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
User peng may run the following commands on this host:
(ALL) NOPASSWD: /usr/bin/*, (ALL) !/usr/bin/rm
[peng@mapeng-edu ~]$
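Added example (not part of the original post): a shell function that scans sudoers text and reports, by line number, the rule shapes from 2.2 that deserve review: NOPASSWD tags, wildcard command paths, and `!` exclusions, which the sudoers(5) manual warns are generally not an effective way to restrict commands. The names audit_sudoers and sample_sudoers and the sample input are constructed here; the parser assumes one rule per line, with no continuations or alias expansion.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Simplified parser: one rule per
# line, no line continuations, no alias expansion, Defaults lines are skipped.

# audit_sudoers: read sudoers text on stdin, print "<line> <FINDING> [command]".
audit_sudoers() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ || /^[ \t]*Defaults/ { next }  # comments, blanks
    index($0, "=") == 0 { next }                  # not a user specification
    {
      spec = substr($0, index($0, "=") + 1)       # everything after the host list
      gsub(/\([^)]*\)/, "", spec)                 # drop Runas lists such as (ALL)
      if (spec ~ /NOPASSWD:/) print NR " NOPASSWD"
      gsub(/[A-Z_]+:/, "", spec)                  # drop tags such as NOPASSWD:
      n = split(spec, cmd, ",")
      for (i = 1; i <= n; i++) {
        c = cmd[i]
        sub(/^[ \t]+/, "", c); sub(/[ \t]+$/, "", c)   # trim the entry
        split(c, w, /[ \t]+/)                     # w[1] is the command path
        if (w[1] ~ /^!/)        print NR " NEGATION " w[1]
        else if (w[1] ~ /[*?]/) print NR " WILDCARD " w[1]
      }
    }'
}

# Constructed sample: the rules shown in sections 2.1 and 2.2.
sample_sudoers() {
  cat <<'EOF'
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
peng ALL=(ALL) /usr/bin/cat,/usr/bin/ls
peng ALL=(ALL) /usr/bin/*,!/usr/bin/rm
peng ALL=(ALL) NOPASSWD:/usr/bin/*,!/usr/bin/rm
EOF
}

sample_sudoers | audit_sudoers
```

On a real host, run it as root with `audit_sudoers < /etc/sudoers`, and use `visudo -c` to check the file's syntax after any change.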
This article is from the “小马哥” blog; please keep this attribution: http://oldma.blog.51cto.com/12664250/1981367