Linux 之 用戶管理權限visudo
阿新 • • 發佈:2018-05-15
VISUDO用戶管理權限visudo
實例:創建用戶kang,授於yum 權限,useradd 權限 [root@localhost ~]# useradd kang [root@localhost ~]# passwd kang Changing password for user kang. New password: Retype new password: passwd: all authentication tokens updated successfully. [root@localhost ~]# tail -1 /etc/passwd kang:x:501:502::/home/kang:/bin/bash [root@localhost ~]# visudo #開通yum與useradd權限,如需開通所有權限請用ALL ## Allow root to run any commands anywhere root ALL=(ALL) ALL zabbix ALL=(ALL) ALL kang ALL=(ALL) /usr/sbin/useradd,/usr/bin/yum [kang@localhost ~]$ sudo reboot #reboot 沒有權限 [sudo] password for kang: Sorry, user kang is not allowed to execute ‘/sbin/reboot‘ as root on localhost.localdomain. [kang@localhost ~]$ sudo useradd test [sudo] password for kang: [kang@localhost ~]$ tail -2 /etc/passwd kang:x:501:502::/home/kang:/bin/bash test:x:502:503::/home/test:/bin/bash [root@localhost ~]# visudo -c #配置文語法檢查 /etc/sudoers: parsed OK
用戶別名,命令別名使用技巧
[root@localhost ~]# visudo User_Alias ADMIN = kang, test #ADMIN包括了用戶kang, test Cmnd_Alias USERCMD = /usr/sbin/useradd #USERCMD包括可用useradd命令權限 Cmnd_Alias NETWORKCMD = /sbin/ifconfig,/etc/init.d/network #NETWORKCMD命令包括ifconfig/network命令 ADMIN ALL=(ALL) USERCMD, NETWORKCMD #授權用戶命令使用
備註解釋使用
root ALL=(ALL) ALL
用戶/組 機器=角色 命令
# User_Alias ADMINS = jsmith, mikem
# Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig
Linux 之 用戶管理權限visudo