Linux 增加使用者並賦予suder許可權
Linux 增加使用者並賦予suder許可權
1 增加使用者
[root@test2 ~]#useradd test
2 修改密碼
[root@test2 ~]#passwd test
3 修改sudoers檔案
[root@test2 ~]# cd /etc/
[root@test2 etc]# ll | grep sudoers
-r--r-----. 1 root root 4002 Mar 2 2012 sudoers
drwxr-x---. 2 root root 4096 Jan 24 2013 sudoers.d
#增加檔案寫許可權
[root@test2 etc]# chmod 600 sudoers
[root@test2 etc]# ll | grep sudoers
-rw-------. 1 root root 4002 Mar 2 2012 sudoers
drwxr-x---. 2 root root 4096 Jan 24 2013 sudoers.d
#在適當的位置增加一行
test ALL=(ALL) ALL
如下:
[root@test2 etc]# vi sudoers
## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.
##
## Examples are provided at the bottom of the file for collections
## of related commands, which can then be delegated out to particular
## users or groups.
##
## This file must be edited with the 'visudo' command.
## Host Aliases
## Groups of machines. You may prefer to use hostnames (perhaps using
## wildcards for entire domains) or IP addresses instead.
# Host_Alias FILESERVERS = fs1, fs2
# Host_Alias MAILSERVERS = smtp, smtp2
## User Aliases
## These aren't often necessary, as you can use regular groups
## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
## rather than USERALIAS
# User_Alias ADMINS = jsmith, mikem
## Command Aliases
## These are groups of related commands...
## Networking
# Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool
## Installation and management of software
# Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
## Services
# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig
## Updating the locate database
# Cmnd_Alias LOCATE = /usr/bin/updatedb
## Storage
# Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount
## Delegating permissions
# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp
## Processes
# Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
## Drivers
# Cmnd_Alias DRIVERS = /sbin/modprobe
# Defaults specification
#
# Disable "ssh hostname sudo", because it will show the password in clear.
# You have to run "ssh -t hostname sudo".
#
Defaults requiretty
#
# Refuse to run if unable to disable echo on the tty. This setting should also be
# changed in order to be able to use sudo without a tty. See requiretty above.
#
Defaults !visiblepw
#
# Preserving HOME has security implications since many programs
# use it when searching for configuration files. Note that HOME
# is already set when the the env_reset option is enabled, so
# this option is only effective for configurations where either
# env_reset is disabled or HOME is present in the env_keep list.
#
Defaults always_set_home
Defaults env_reset
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
#
# Adding HOME to env_keep may enable a user to run unrestricted
# commands via sudo.
#
# Defaults env_keep += "HOME"
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
## Next comes the main part: which users can run what software on
## which machines (the sudoers file can be shared between multiple
## systems).
## Syntax:
##
## user MACHINE=COMMANDS
##
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
test ALL=(ALL) ALL
## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
## Allows people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
## Allows members of the users group to mount and unmount the
## cdrom as root
# %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
## Allows members of the users group to shutdown this system
"sudoers" 118L, 4029C written
4 收回寫許可權
[root@test2 etc]# chmod 440 sudoers
[root@test2 etc]# ll | grep sudoers
-r--r----- 1 root root 4029 Nov 18 09:27 sudoers
drwxr-x---. 2 root root 4096 Jan 24 2013 sudoers.d
[root@test2 etc]#
5 測試
[root@test2 etc]# su - test
[root@test2 ~]$ sudo su -
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for test:
[root@test2 ~]#
test使用者可以切換到root使用者執行!
1 增加使用者
[root@test2 ~]#useradd test
2 修改密碼
[root@test2 ~]#passwd test
3 修改sudoers檔案
[root@test2 ~]# cd /etc/
[root@test2 etc]# ll | grep sudoers
-r--r-----. 1 root root 4002 Mar 2 2012 sudoers
drwxr-x---. 2 root root 4096 Jan 24 2013 sudoers.d
#增加檔案寫許可權
[root@test2 etc]# chmod 600 sudoers
[root@test2 etc]# ll | grep sudoers
-rw-------. 1 root root 4002 Mar 2 2012 sudoers
drwxr-x---. 2 root root 4096 Jan 24 2013 sudoers.d
#在適當的位置增加一行
test ALL=(ALL) ALL
如下:
[root@test2 etc]# vi sudoers
## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.
##
## Examples are provided at the bottom of the file for collections
## of related commands, which can then be delegated out to particular
## users or groups.
##
## This file must be edited with the 'visudo' command.
## Host Aliases
## Groups of machines. You may prefer to use hostnames (perhaps using
## wildcards for entire domains) or IP addresses instead.
# Host_Alias FILESERVERS = fs1, fs2
# Host_Alias MAILSERVERS = smtp, smtp2
## User Aliases
## These aren't often necessary, as you can use regular groups
## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
## rather than USERALIAS
# User_Alias ADMINS = jsmith, mikem
## Command Aliases
## These are groups of related commands...
## Networking
# Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool
## Installation and management of software
# Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
## Services
# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig
## Updating the locate database
# Cmnd_Alias LOCATE = /usr/bin/updatedb
## Storage
# Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount
## Delegating permissions
# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp
## Processes
# Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
## Drivers
# Cmnd_Alias DRIVERS = /sbin/modprobe
# Defaults specification
#
# Disable "ssh hostname sudo
# You have to run "ssh -t hostname sudo
#
Defaults requiretty
#
# Refuse to run if unable to disable echo on the tty. This setting should also be
# changed in order to be able to use sudo without a tty. See requiretty above.
#
Defaults !visiblepw
#
# Preserving HOME has security implications since many programs
# use it when searching for configuration files. Note that HOME
# is already set when the the env_reset option is enabled, so
# this option is only effective for configurations where either
# env_reset is disabled or HOME is present in the env_keep list.
#
Defaults always_set_home
Defaults env_reset
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
#
# Adding HOME to env_keep may enable a user to run unrestricted
# commands via sudo.
#
# Defaults env_keep += "HOME"
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
## Next comes the main part: which users can run what software on
## which machines (the sudoers file can be shared between multiple
## systems).
## Syntax:
##
## user MACHINE=COMMANDS
##
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
test ALL=(ALL) ALL
## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
## Allows people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
## Allows members of the users group to mount and unmount the
## cdrom as root
# %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
## Allows members of the users group to shutdown this system
"sudoers" 118L, 4029C written
4 收回寫許可權
[root@test2 etc]# chmod 440 sudoers
[root@test2 etc]# ll | grep sudoers
-r--r----- 1 root root 4029 Nov 18 09:27 sudoers
drwxr-x---. 2 root root 4096 Jan 24 2013 sudoers.d
[root@test2 etc]#
5 測試
[root@test2 etc]# su - test
[root@test2 ~]$ sudo su -
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for test:
[root@test2 ~]#
test使用者可以切換到root使用者執行!
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/29500582/viewspace-1337131/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- linux新增使用者,並賦予root許可權Linux
- mysql 建立新使用者 並賦予許可權MySql
- MYSQL 建立賬戶,並賦予許可權MySql
- sqlserver 賦予許可權的問題SQLServer
- exchange 賦予其他使用者訪問mailbox許可權AI
- oracle建立/刪除表空間、建立/刪除使用者並賦予許可權Oracle
- Ubuntu下給普通或新增使用者賦予sudo許可權Ubuntu
- 【轉】使用Navicat for Oracle新建表空間、使用者及許可權賦予Oracle
- linux編寫.sh指令碼並賦許可權Linux指令碼
- Oracle 11g建立使用者並賦許可權Oracle
- linux給普通使用者增加ssh許可權Linux
- 講解Oracle系統中使用者許可權的賦予和檢視Oracle
- Ubuntu 建立新的使用者並且賦予特權Ubuntu
- Oracle給普通使用者賦予查詢動態效能檢視的許可權Oracle
- LightDB/PostgreSQL標準業務建立語句【賦予讀寫許可權和只讀許可權】SQL
- SQL Server中sysobjects含義及批量賦予許可權的方法SQLServerObject
- Windows Server 使用ICACLS在命令列給檔案賦予許可權WindowsServer命令列
- linux使用者許可權Linux
- 老闆:讓你新增一個mysql使用者並給予許可權這麼費勁嗎?MySql
- Linux — 使用者組、許可權Linux
- Linux使用者與許可權Linux
- Linux使用者、組、許可權管理Linux
- linux5-使用者許可權Linux
- Linux-許可權管理(ACL許可權)Linux
- Sqlserver 2014 用指令碼批次賦予使用者可以執行儲存過程的許可權SQLServer指令碼儲存過程
- linux 檔案許可權 s 許可權和 t 許可權解析Linux
- mysql8.0新增使用者,並指定許可權MySql
- Oracle 使用者、物件許可權、系統許可權Oracle物件
- Linux許可權Linux
- linux新增使用者、使用者組、許可權Linux
- 使用者許可權繼承另一使用者的許可權繼承
- linux給使用者新增sudo許可權Linux
- linux為使用者新增sudo許可權Linux
- 【許可權管理】Oracle中檢視、回收使用者許可權Oracle
- mysql主給備賦予許可權時報錯,MySQL [Err] 1055 - Expression #1 of ORDER BY clause is not in GROUP BY clauseMySqlExpress
- Linux 許可權管理之目錄許可權限制Linux
- oracle使用者許可權Oracle
- mysql使用者許可權MySql