
Using sudo (Linux user authorization)

Author: 馬鵬

Category: study notes

2017/11/09






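Contents

How to give a user sudo privileges

Chapter 1 Introduction to sudo

Chapter 2 How to grant privileges

2.1 Granting a user a single command

2.2 Granting a user multiple commands

2.3 Granting a group of commands while excluding individual ones

2.4 Granting without a password prompt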

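How to give a user sudo privileges

Chapter 1 Introduction to sudo

sudo exists so that non-root users can be authorized to run a defined set of commands with root privileges.

Chapter 2 How to grant privileges

Use visudo to edit the configuration file (visudo checks the syntax before saving). The entries go at line 98 of the file; the line number varies from system to system. Insert the authorization entries there:

2.1 Granting a user a single command

Example 2-1

Grant the user peng the cat command

### Before the grant

[peng@mapeng-edu etc]$ cat /etc/fstab

cat: /etc/fstab: Permission denied

[peng@mapeng-edu etc]$

## Granting the privilege (as root):

# Insert the following lines in the editor (vim)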

98 root ALL=(ALL) ALL

99 peng ALL=(ALL) /usr/bin/cat

100

## Verify the result

[peng@mapeng-edu ~]$ sudo -l

Matching Defaults entries for peng on this host:

requiretty, !visiblepw, always_set_home, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User peng may run the following commands on this host:

(ALL) /usr/bin/cat

[peng@mapeng-edu ~]$

### Check

[peng@mapeng-edu ~]$ cat /etc/fstab

cat: /etc/fstab: Permission denied

[peng@mapeng-edu ~]$ sudo cat /etc/fstab

#

# /etc/fstab

# Created by anaconda on Fri Nov 21 18:16:53 2014

#

# Accessible filesystems, by reference, are maintained under '/dev/disk'

# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info

#

UUID=6634633e-001d-43ba-8fab-202f1df93339 / ext4 defaults,barrier=0 1 1

[peng@mapeng-edu ~]$


2.2 Granting a user multiple commands

Grant the user peng the ls and cat commands

# Granting the privilege, run as root
# Find the absolute paths of the commands

[root@mapeng-edu ~]# which ls

alias ls='ls --color=auto'

/usr/bin/ls

[root@mapeng-edu ~]# which cat

/usr/bin/cat

[root@mapeng-edu ~]#

# Configuration file contents:

98 root ALL=(ALL) ALL

99 peng ALL=(ALL) /usr/bin/cat,/usr/bin/ls

## Allows members of the 'sys' group to run networking, software,

## service management apps and more.

## Verify the result

[peng@mapeng-edu ~]$ sudo -l

[sudo] password for peng:

Matching Defaults entries for peng on this host:

User peng may run the following commands on this host:

(ALL) /usr/bin/cat, (ALL) /usr/bin/ls

[peng@mapeng-edu ~]$

[peng@mapeng-edu ~]$ sudo ls /root/

default.pass default.pass.bak edu list.md5 README.txt

[peng@mapeng-edu ~]$ ls /root/

ls: cannot open directory /root/: Permission denied

[peng@mapeng-edu ~]$ sudo cat /etc/fstab

#

# /etc/fstab

# Created by anaconda on Fri Nov 21 18:16:53 2014

#

# Accessible filesystems, by reference, are maintained under '/dev/disk'

# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info

#

UUID=6634633e-001d-43ba-8fab-202f1df93339 / ext4 defaults,barrier=0 1 1

[peng@mapeng-edu ~]$ cat /etc/fstab

cat: /etc/fstab: Permission denied

[peng@mapeng-edu ~]$

2.3 Granting a group of commands while excluding individual ones

# Path of the commands to grant

[root@mapeng-edu ~]# ls /usr/bin/ | wc -l

1044

[root@mapeng-edu ~]#

## Grant every command under /usr/bin/ and exclude the rm command

The exclusion only blocks the exact path /usr/bin/rm. Every other command under /usr/bin/ still runs as root, so this is a convenience rather than a security boundary; the sudoers manual advises against relying on ! to subtract commands from a broad grant.

# Granting the privilege (as root)

## Allow root to run any commands anywhere

root ALL=(ALL) ALL

peng ALL=(ALL) /usr/bin/*,!/usr/bin/rm

## Allows members of the 'sys' group to run networking, software,

## Verify

[peng@mapeng-edu ~]$ sudo -l

[sudo] password for peng:

Matching Defaults entries for peng on this host:

User peng may run the following commands on this host:

(ALL) /usr/bin/*, (ALL) !/usr/bin/rm

[peng@mapeng-edu ~]$ sudo ls /root/

default.pass default.pass.bak edu list.md5 README.txt

[peng@mapeng-edu ~]$ sudo rm -rf /root/list.md5

Sorry, user peng is not allowed to execute '/bin/rm -rf /root/list.md5' as root on mapeng-edu.

[peng@mapeng-edu ~]$ sudo cat /root/list.md5

81f349ed6e7de0a7f230c184f8735fdb default.pass

81f349ed6e7de0a7f230c184f8735fdb default.pass.bak

[peng@mapeng-edu ~]$

2.4 Granting without a password prompt

## Granting the privilege

## Allow root to run any commands anywhere

root ALL=(ALL) ALL

peng ALL=(ALL) NOPASSWD:/usr/bin/*,!/usr/bin/rm

## Allows members of the 'sys' group to run networking, software,

## sudo no longer asks for a password

[peng@mapeng-edu ~]$ sudo -l

Matching Defaults entries for peng on this host:

LINGUAS _XKB_CHARSET XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User peng may run the following commands on this host:

(ALL) NOPASSWD: /usr/bin/*, (ALL) !/usr/bin/rm

[peng@mapeng-edu ~]$
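The rules in 2.3 and 2.4 combine three things worth reviewing before they reach a production host: a wildcard command grant, a ! exclusion, and NOPASSWD. The script below is an added example, not part of the original notes; it flags those patterns in sudoers text. The function names audit_sudoers and sample_sudoers and the finding codes are made up for this example, and it assumes plain "user host=(runas) commands" rules only.

```shell
#!/bin/sh
# Added example. audit_sudoers reads sudoers text on stdin and prints one
# finding per line: "<line> <user> <CODE> [command]".
# Assumption: only plain "user host=(runas) commands" rules are parsed;
# Defaults, *_Alias definitions and comments are skipped.
audit_sudoers() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ || /^[ \t]*Defaults/ || /_Alias/ { next }
    {
        eq = index($0, "=")
        if (eq == 0) next
        user = $1
        spec = substr($0, eq + 1)
        sub(/^[ \t]*\([^)]*\)[ \t]*/, "", spec)      # drop the (runas) part
        if (spec ~ /NOPASSWD:/) print NR, user, "NOPASSWD"
        gsub(/(NOPASSWD|PASSWD|NOEXEC|EXEC|SETENV|NOSETENV):[ \t]*/, "", spec)
        n = split(spec, cmds, ",")
        for (i = 1; i <= n; i++) {
            c = cmds[i]
            gsub(/^[ \t]+|[ \t]+$/, "", c)
            if (c ~ /^!/)         print NR, user, "NEGATION", c
            else if (c ~ /[*?]/)  print NR, user, "WILDCARD", c
        }
    }'
}

# Constructed sample: the four rules used in sections 2.1-2.4 of this page.
sample_sudoers() {
    cat <<'EOF'
root ALL=(ALL) ALL
peng ALL=(ALL) /usr/bin/cat,/usr/bin/ls
peng ALL=(ALL) /usr/bin/*,!/usr/bin/rm
peng ALL=(ALL) NOPASSWD:/usr/bin/*,!/usr/bin/rm
EOF
}

sample_sudoers | audit_sudoers
```

To review a real file, run `audit_sudoers < /etc/sudoers` as root; syntax is still checked separately with `visudo -c`.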


This article comes from the “小馬哥” blog; please keep this attribution: http://oldma.blog.51cto.com/12664250/1981367
