1、linux系統中sudo服務是的普通使用者能夠執行較大許可權的命令

使用sudo -l 命令 檢視是否具有sudo許可權：

[root@linuxprobe test]# ls
[root@linuxprobe test]# whoami
root
[root@linuxprobe test]# su - liujiaxin01
Last login: Wed Oct 21 17:00:37 CST 2020 from 192.168.3.4 on pts/2
[liujiaxin01@linuxprobe ~]$ sudo -l  ## 檢視是否具有sudo許可權
[sudo] password 
 
for liujiaxin01:
Sorry, user liujiaxin01 may not run sudo on linuxprobe.

2、如何賦予sudo許可權

[liujiaxin01@linuxprobe ~]$ exit
logout
[root@linuxprobe test]# whoami
root
[root@linuxprobe test]# visudo  ## 修改sudo配置檔案
## 在 "root    ALL=(ALL)       ALL"語句下新增如下語句（見下圖），儲存，然後退出，操作同vim編輯器
liujiaxin01     ALL=(ALL)       ALL
 

3、檢視新增效果

[root@linuxprobe test]# su - liujiaxin01
Last login: Wed Oct 21 17:12:50 CST 2020 on pts/0
[liujiaxin01@linuxprobe ~]$ whoami
liujiaxin01
[liujiaxin01@linuxprobe ~]$ sudo -l  ## 檢視sudo許可權
[sudo] password for liujiaxin01:
Matching Defaults entries for liujiaxin01 on this host:
    requiretty, !visiblepw, always_set_home, env_reset, env_keep="
 
COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS",
    env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT
    LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS
    _XKB_CHARSET XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User liujiaxin01 may run the following commands on this host:
    (ALL) ALL
[liujiaxin01@linuxprobe ~]$ useradd liujiaxin05  ## 測試普通使用者建立新使用者
-bash: /usr/sbin/useradd: Permission denied
[liujiaxin01@linuxprobe ~]$ sudo useradd liujiaxin05  ## 加 sudo 使用，可以建立新使用者
[liujiaxin01@linuxprobe ~]$ tail -n 5 /etc/passwd
tcpdump:x:72:72::/:/sbin/nologin
linuxprobe:x:1000:1000:linuxprobe:/home/linuxprobe:/bin/bash
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
liujiaxin01:x:1001:1001::/home/liujiaxin01:/bin/bash
liujiaxin05:x:1002:1002::/home/liujiaxin05:/bin/bash