标签:VISUDO
用户管理权限visudo实例:创建用户kang,授于yum 权限,useradd 权限
[root@localhost ~]# useradd kang
[root@localhost ~]# passwd kang
Changing password for user kang.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@localhost ~]# tail -1 /etc/passwd
kang:x:501:502::/home/kang:/bin/bash
[root@localhost ~]# visudo #开通yum与useradd权限,如需开通所有权限请用ALL
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
zabbix ALL=(ALL) ALL
kang ALL=(ALL) /usr/sbin/useradd,/usr/bin/yum
[kang@localhost ~]$ sudo reboot #reboot 没有权限
[sudo] password for kang:
Sorry, user kang is not allowed to execute ‘/sbin/reboot‘ as root on localhost.localdomain.
[kang@localhost ~]$ sudo useradd test
[sudo] password for kang:
[kang@localhost ~]$ tail -2 /etc/passwd
kang:x:501:502::/home/kang:/bin/bash
test:x:502:503::/home/test:/bin/bash
[root@localhost ~]# visudo -c #配置文语法检查
/etc/sudoers: parsed OK[root@localhost ~]# visudo
User_Alias ADMIN = kang, test #ADMIN包括了用户kang, test
Cmnd_Alias USERCMD = /usr/sbin/useradd #USERCMD包括可用useradd命令权限
Cmnd_Alias NETWORKCMD = /sbin/ifconfig,/etc/init.d/network #NETWORKCMD命令包括ifconfig/network命令
ADMIN ALL=(ALL) USERCMD, NETWORKCMD #授权用户命令使用root ALL=(ALL) ALL
用户/组 机器=角色 命令
# User_Alias ADMINS = jsmith, mikem
# Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig标签:VISUDO
原文地址:http://blog.51cto.com/12965094/2116443
