sudo权限的两种配置方法（centos7系统）

1. vim /etc/sudoers

100 ## Same thing without a password
101 # %wheel        ALL=(ALL)       NOPASSWD: ALL
102 
103 ## Allows members of the users group to mount and unmount the 
104 ## cdrom as root
105 # %users  ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
106 
107 ## Allows members of the users group to shutdown this system
108 # %users  localhost=/sbin/shutdown -h now
109 
110 ## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
111 #includedir /etc/sudoers.d
112 haha    ALL=(ALL)       ALL
113 

第112行为用户haha赋予系统管理员权限
添加如下：

XXX ALL=(ALL) ALL

XXX ALL=(ALL) NOPASSWD:ALL(出于方便，推荐使用此设置)

第一种方式：允许用户XXX执行sudo命令（需要输入密码）。

第二种方式：允许用户XXX执行sudo命令，并且在执行的时候不输入密码。

验证：重启apache能否成功

[root@zb-yunwei-test-203-51 ~]# vim /etc/sudoers
[root@zb-yunwei-test-203-51 ~]# su - haha 
Last login: Mon Apr 20 15:57:30 CST 2020 on pts/1
[haha@zb-yunwei-test-203-51 ~]$ sudo systemctl restart httpd

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for haha: 
[haha@zb-yunwei-test-203-51 ~]$ cd /wqf/lnmp_soft/
[haha@zb-yunwei-test-203-51 lnmp_soft]$ ll

没有报错，成功！
2.使用visudo命令直接编辑

## Allows members of the users group to shutdown this system
# %users  localhost=/sbin/shutdown -h now

## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d
haha    ALL=(ALL)       ALL

按o另起一行对应haha用户的格式赋予另一个用户权限
添加如下：

XXX ALL=(ALL) ALL

XXX ALL=(ALL) NOPASSWD:ALL(出于方便，推荐使用此设置)

第一种方式：允许用户XXX执行sudo命令（需要输入密码）。

第二种方式：允许用户XXX执行sudo命令，并且在执行的时候不输入密码。

验证：图中普通用户对tomcat压缩包并没有操作权限，验证能够解开

[haha@zb-yunwei-test-203-51 lnmp_soft]$ ll
total 46M
drwxr-xr-x 5 root root  4.0K Apr 18 16:46 .
drwxr-xr-x 5 root root   172 Apr 18 16:45 ..
-rw-r--r-- 1 root root  8.8M Mar 27  2018 apache-tomcat-8.0.30.tar.gz
-rw-r--r-- 1 root root  9.1M Mar 27  2018 apache-tomcat-9.0.6.tar.gz
-rwxr-xr-x 1 root root   102 Mar 27  2018 buffer.sh

使用命令 sudo tar -xvf apache-tomcat-9.0.6.tar.gz

[haha@zb-yunwei-test-203-51 lnmp_soft]$ sudo tar -xvf apache-tomcat-9.0.6.tar.gz 
apache-tomcat-9.0.6/conf/
apache-tomcat-9.0.6/conf/catalina.policy
apache-tomcat-9.0.6/conf/catalina.properties
apache-tomcat-9.0.6/conf/context.xml
apache-tomcat-9.0.6/conf/jaspic-providers.xml
apache-tomcat-9.0.6/conf/jaspic-providers.xsd
apache-tomcat-9.0.6/conf/logging.properties
apache-tomcat-9.0.6/conf/server.xml
apache-tomcat-9.0.6/conf/tomcat-users.xml
apache-tomcat-9.0.6/conf/tomcat-users.xsd
apache-tomcat-9.0.6/conf/web.xml
apache-tomcat-9.0.6/bin/configtest.sh
apache-tomcat-9.0.6/bin/daemon.sh
apache-tomcat-9.0.6/bin/digest.sh
apache-tomcat-9.0.6/bin/setclasspath.sh
apache-tomcat-9.0.6/bin/shutdown.sh
apache-tomcat-9.0.6/bin/startup.sh
apache-tomcat-9.0.6/bin/tool-wrapper.sh
apache-tomcat-9.0.6/bin/version.sh
[haha@zb-yunwei-test-203-51 lnmp_soft]$ exit
logout

没有报错，成功！