linux sudo許可權配置

    這裡記錄一下linux的sudo簡單配置過程，備後查。

    1、root開啟sudo配置檔案

[root@centos ~]# visudo

    2、sudo配置項

## Next comes the main part: which users can run what software on

## which machines (the sudoers file can be shared between multiple

## systems).

## Syntax:

##

##      user    MACHINE=COMMANDS

##

## The COMMANDS section may have other options added to it.

##

## Allow root to run any commands anywhere

root    ALL=(ALL)       ALL

mysql   ALL=(ALL)       ALL  #配置mysql使用者等同root使用者執行的所有命令

    3、配置mysql免密執行

## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)

#includedir /etc/sudoers.d

mysql localhost=(root) NOPASSWD:ALL

    4、root修改mysql的密碼

[root@centos ~]# passwd mysql

    5、mysql新增mysql使用者的sudo密碼，sudo密碼是第4部設定的mysql作業系統層的密碼

-bash-4.1$ sudo uname

[sudo] password for mysql: 

Linux

-bash-4.1$

    6、檢視sudo配置

[root@centos ~]# sudo -l

Matching Defaults entries for root on this host:

    requiretty, !visiblepw, always_set_home, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS",

    env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT

    LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS

    _XKB_CHARSET XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User root may run the following commands on this host:

    (ALL) ALL

[root@centos ~]# 

     7、mysql使用者測試sudo是否正確

-bash-4.1$ sudo mkdir /test1

-bash-4.1$ ls -l /test1

total 0

-bash-4.1$ rm -rf /test1

rm: cannot remove `/test1': Permission denied

-bash-4.1$ sudo rm -rf /test1

-bash-4.1$ ls -l /test1

ls: cannot access /test1: No such file or directory

-bash-4.1$ 

    linux的sudo配置完成！