实验环境:CentOS7 Minimal安装,安装过程及软件包见http://blog.csdn.net/capricorn90/article/details/52556174
sudo是linux系统管理指令,是允许系统管理员让普通用户执行一些或者全部的root命令的一个工具,如halt,reboot,su等等。这样不仅减少了root用户的登录 和管理时间,同样也提高了安全性。
本文主要是根据自己的使用习惯做了一个基础的调整,具体的可以直接查看/etc/sudoers文件中的注释,每个设置之前都有相应的注释文字,此外自己在添加一些权限的时候最好也写上注释,一方面方便自己理解,另一方面后续删除的时候可以直接查找自己写的特定标注符号。
[vic@CentOS7 ~]$ sudo yum -y install zsh
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:#1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility.[sudo] password for vic:
vic is not in the sudoers file. This incident will be reported.[vic@CentOS7 ~]$ cat /etc/sudoers| grep ADMIN
cat: /etc/sudoers: Permission denied
设定sudo
1、定义SHUTDOWN变量所包含的关机操作命令。
## commands to shutdown/reboot the machine
Cmnd_Alias SHUTDOWN = /sbin/shutdown, /sbin/reboot, /sbin/halt, /sbin/poweroff2、添加普通用户的sudo权限,可以操作root能够操作的所有指令,但禁止其关机操作,同时取消sudo的密码交互
## add for vic, allow execute sudo commands without password, and restrict to shutdown/reboot the machine
vic ALL=(ALL) NOPASSWD: ALL, !SHUTDOWN1)NOPASSWD是取消sudo时需要输入用户密码,如下
[vic@CentOS7 ~]$ sudo yum provides netstat
[sudo] password for vic:
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.bit.edu.cn
* extras: mirrors.btte.net
* updates: mirrors.btte.net
net-tools-2.0-0.17.20131004git.el7.x86_64 : Basic networking tools
Repo : base
Matched from:
Filename : /bin/netstat
2)ALL是具有所有权限
3)!SHUTDOWN是限制SHUTDOWN变量所限定的操作。
效果
执行限制的操作
[vic@CentOS7 ~]$ sudo shutdown -h now
Sorry, user vic is not allowed to execute ‘/sbin/shutdown -h now’ as root on CentOS7.
执行其他操作
[vic@CentOS7 ~]$ sudo tail -1 /etc/passwd
vic:x:1000:1000::/home/vic:/bin/bash
扫一扫
1634
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
