1. vim /etc/sudoers
100 ## Same thing without a password
101 # %wheel ALL=(ALL) NOPASSWD: ALL
102
103 ## Allows members of the users group to mount and unmount the
104 ## cdrom as root
105 # %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
106
107 ## Allows members of the users group to shutdown this system
108 # %users localhost=/sbin/shutdown -h now
109
110 ## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
111 #includedir /etc/sudoers.d
112 haha ALL=(ALL) ALL
113
第112行为用户haha赋予系统管理员权限
添加如下:
XXX ALL=(ALL) ALL
XXX ALL=(ALL) NOPASSWD:ALL(出于方便,推荐使用此设置)
第一种方式:允许用户XXX执行sudo命令(需要输入密码)。
第二种方式:允许用户XXX执行sudo命令,并且在执行的时候不输入密码。
验证:重启apache能否成功
[root@zb-yunwei-test-203-51 ~]# vim /etc/sudoers
[root@zb-yunwei-test-203-51 ~]# su - haha
Last login: Mon Apr 20 15:57:30 CST 2020 on pts/1
[haha@zb-yunwei-test-203-51 ~]$ sudo systemctl restart httpd
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for haha:
[haha@zb-yunwei-test-203-51 ~]$ cd /wqf/lnmp_soft/
[haha@zb-yunwei-test-203-51 lnmp_soft]$ ll
没有报错,成功!
2.使用visudo命令直接编辑
## Allows members of the users group to shutdown this system
# %users localhost=/sbin/shutdown -h now
## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d
haha ALL=(ALL) ALL
按o另起一行对应haha用户的格式赋予另一个用户权限
添加如下:
XXX ALL=(ALL) ALL
XXX ALL=(ALL) NOPASSWD:ALL(出于方便,推荐使用此设置)
第一种方式:允许用户XXX执行sudo命令(需要输入密码)。
第二种方式:允许用户XXX执行sudo命令,并且在执行的时候不输入密码。
验证:图中普通用户对tomcat压缩包并没有操作权限,验证能够解开
[haha@zb-yunwei-test-203-51 lnmp_soft]$ ll
total 46M
drwxr-xr-x 5 root root 4.0K Apr 18 16:46 .
drwxr-xr-x 5 root root 172 Apr 18 16:45 ..
-rw-r--r-- 1 root root 8.8M Mar 27 2018 apache-tomcat-8.0.30.tar.gz
-rw-r--r-- 1 root root 9.1M Mar 27 2018 apache-tomcat-9.0.6.tar.gz
-rwxr-xr-x 1 root root 102 Mar 27 2018 buffer.sh
使用命令 sudo tar -xvf apache-tomcat-9.0.6.tar.gz
[haha@zb-yunwei-test-203-51 lnmp_soft]$ sudo tar -xvf apache-tomcat-9.0.6.tar.gz
apache-tomcat-9.0.6/conf/
apache-tomcat-9.0.6/conf/catalina.policy
apache-tomcat-9.0.6/conf/catalina.properties
apache-tomcat-9.0.6/conf/context.xml
apache-tomcat-9.0.6/conf/jaspic-providers.xml
apache-tomcat-9.0.6/conf/jaspic-providers.xsd
apache-tomcat-9.0.6/conf/logging.properties
apache-tomcat-9.0.6/conf/server.xml
apache-tomcat-9.0.6/conf/tomcat-users.xml
apache-tomcat-9.0.6/conf/tomcat-users.xsd
apache-tomcat-9.0.6/conf/web.xml
apache-tomcat-9.0.6/bin/configtest.sh
apache-tomcat-9.0.6/bin/daemon.sh
apache-tomcat-9.0.6/bin/digest.sh
apache-tomcat-9.0.6/bin/setclasspath.sh
apache-tomcat-9.0.6/bin/shutdown.sh
apache-tomcat-9.0.6/bin/startup.sh
apache-tomcat-9.0.6/bin/tool-wrapper.sh
apache-tomcat-9.0.6/bin/version.sh
[haha@zb-yunwei-test-203-51 lnmp_soft]$ exit
logout
没有报错,成功!