在redhat 5.4或suse 11以sudo執行需要root使用者許可權的命令

wisdomone1發表於2016-01-06
Redhat

前言

   在oracle使用者編寫一個shell,而其中某行程式碼需要執行root許可權的命令,遂產生此文。

結論

   1,sudo可以在非ROOT使用者執行ROOT許可權,其執行形式:
     [oracle@seconary ~]$ sudo  mount /dev/sdb1 /oradata
   2,不配置SUDO相關配置檔案/etc/sudoers,執行sudo會報oracle is not in the sudoers file.  This incident will be reported.
   3,在配置檔案新增oracle          ALL=(ALL)        ALL,雖可以在非ROOT使用者執行ROOT許可權,但仍要輸入ROOT密碼
   4,在配置檔案新增oracle         ALL=(ALL)        NOPASSWD: ALL,不用輸入ROOT密碼,即可在非ROOT使用者執行ROOT許可權
   5, 以上適用於redhat 5.4
   6, 在suse 11上,僅首次執行sudo要輸入密碼,後面不用再輸入密碼
   7,在suse 11,重啟後同6,首次執行SUDO要輸入密碼,後面不用再輸入密碼


測試



[oracle@seconary ~]$ more /etc/redhat-release 
Red Hat Enterprise Linux Server release 5.4 (Tikanga)


[oracle@seconary ~]$ sudo  mount 10.0.0.39:/nfs_dir /nfs_client


oracle is not in the sudoers file.  This incident will be reported.


[root@seconary ~]# cp /etc/sudoers /etc/sudoers.bak
[root@seconary ~]# 


---新增如下內容
[root@seconary ~]# vi /etc/sudoers
oracle          ALL=(ALL)        ALL


[oracle@seconary ~]$ sudo  mount 10.0.0.39:/nfs_dir /nfs_client
Password: 
[oracle@seconary ~]$ 


---新增如下內容
oracle         ALL=(ALL)        NOPASSWD: ALL


---可以在ORACLE使用者執行ROOT的MOUNT許可權,且不用輸入密碼即可
[oracle@seconary ~]$ df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
                      130G   80G   44G  65% /
/dev/sda1              99M   13M   82M  13% /boot
tmpfs                 2.0G  746M  1.3G  38% /dev/shm
/dev/sdc1              17G   14G  1.9G  89% /11204grid
/dev/sdc2              18G   17G   56M 100% /11204rdbms
10.0.0.39:/nfs_dir     67G   22G   43G  34% /nfs_client
[oracle@seconary ~]$ sudo umount /nfs_client
[oracle@seconary ~]$ df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
                      130G   80G   44G  65% /
/dev/sda1              99M   13M   82M  13% /boot
tmpfs                 2.0G  746M  1.3G  38% /dev/shm
/dev/sdc1              17G   14G  1.9G  89% /11204grid
/dev/sdc2              18G   17G   56M 100% /11204rdbms
[oracle@seconary ~]$ 




----經測試在suse 11,僅首次執行sudo要輸入ROOT密碼,然後不用再輸入密碼了


oracle@suse11:~> more /etc/issue


Welcome to SUSE Linux Enterprise Server 11 (x86_64) - Kernel \r (\l).


suse11:~ # su - oracle
oracle@suse11:~> sudo mount /dev/sdb1 /oradata


We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:


    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.


root's password:
oracle@suse11:~> df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda2              67G   22G   43G  34% /
udev                  1.9G  108K  1.9G   1% /dev
/dev/sdb1             3.0G   69M  2.8G   3% /oradata
oracle@suse11:~> sudo umount /oradata
oracle@suse11:~> df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda2              67G   22G   43G  34% /
udev                  1.9G  108K  1.9G   1% /dev
oracle@suse11:~> 
oracle@suse11:~> 
oracle@suse11:~> 
oracle@suse11:~> df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda2              67G   22G   43G  34% /
udev                  1.9G  108K  1.9G   1% /dev
oracle@suse11:~> sudo mount /dev/sdb1 /oradata
oracle@suse11:~> 


---重啟後,同上,首次要輸入密碼,然後不用再輸入密碼
suse11:~ # su - oracle
oracle@suse11:~> sudo mount /dev/sdb1 /oradata
root's password:
Sorry, try again.
root's password:
oracle@suse11:~> df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda2              67G   22G   43G  34% /
udev                  1.9G  108K  1.9G   1% /dev
/dev/sdb1             3.0G   69M  2.8G   3% /oradata

來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/9240380/viewspace-1972742/,如需轉載,請註明出處,否則將追究法律責任。

相關文章