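CentOS 7 Series -- 1.6 Configuring sudo on CentOS 7
Configuring sudo on CentOS 7
If several users share privileges, configure sudo to separate their duties.
1. Grant all of root's privileges to a user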
[root@centos7 ~]# visudo
Add the following as the last line so that jack has all of root's privileges:
jack ALL=(ALL) ALL
[root@centos7 ~]# su - jack
Last login: Fri Oct 27 06:52:31 CST 2017 from 192.168.1.100 on pts/0
[jack@centos7 ~]$ /usr/bin/cat /etc/shadow
/usr/bin/cat: /etc/shadow: Permission denied
[jack@centos7 ~]$ sudo /usr/bin/cat /etc/shadow
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for jack:
root:$6$LpF2wUDowE.JSaw1$Gg8PQluOh2el9dFgzsgd/YwiCy9pw9.nAVvmV3lQwwj9gbZqySmsU2xxvvPId1mJ6mUSd04FPMhD.1jV5aKpp0::0:99999:7:::
bin:*:17110:0:99999:7:::
daemon:*:17110:0:99999:7:::
adm:*:17110:0:99999:7:::
lp:*:17110:0:99999:7:::
2. Restrict which commands can be run through sudo
[root@centos7 ~]# visudo
Add the following on the line after the Cmnd_Alias entries:
Cmnd_Alias USERMGR = /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/usermod, /usr/bin/passwd
Add the following as the last line:
%usermgr ALL=(ALL) USERMGR
[root@centos7 ~]# groupadd usermgr
[root@centos7 ~]# usermod -G usermgr jack
[jack@centos7 ~]$ sudo /usr/sbin/useradd testuser
[jack@centos7 ~]$ sudo /usr/bin/passwd testuser
Changing password for user testuser.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
3. Pass some of root's privileges to users through sudo
[root@centos7 ~]# visudo
Add the following as the last lines so that each user has a subset of root's privileges:
jack ALL=(ALL) /usr/sbin/visudo
fedora ALL=(ALL) /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/usermod, /usr/bin/passwd
ubuntu ALL=(ALL) /bin/vi
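
The rules from sections 1 to 3, checked for grants that amount to full root. This is an added example, not part of the original post. The function name audit_sudoers and the "ops" rule are assumptions made for illustration; Cmnd_Alias expansion is one level deep and an alias must be defined before it is used.

```shell
# Added example (not from the original post): flag sudoers grants that
# amount to unrestricted root. SAMPLE_SUDOERS is constructed from the rules
# in sections 1-3; the "ops" rule is a hypothetical hardened variant.
SAMPLE_SUDOERS='Cmnd_Alias USERMGR = /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/usermod, /usr/bin/passwd
%usermgr ALL=(ALL) USERMGR
jack ALL=(ALL) ALL
jack ALL=(ALL) /usr/sbin/visudo
fedora ALL=(ALL) /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/usermod, /usr/bin/passwd
ubuntu ALL=(ALL) /bin/vi
ops ALL=(ALL) /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root'

# audit_sudoers: read sudoers text on stdin and print one line per risky
# grant, formatted as who<TAB>command<TAB>reason.
audit_sudoers() {
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*#/ || /^[ \t]*$/ || /^Defaults/ || /^(User|Host|Runas)_Alias/ { next }
    /^Cmnd_Alias/ {                       # remember alias name -> command list
      eq = index($0, "=")
      name = trim(substr($0, 11, eq - 11))
      alias[name] = trim(substr($0, eq + 1)); next
    }
    {
      who = $1; eq = index($0, "=")
      list = substr($0, eq + 1)
      sub(/^[ \t]*\([^)]*\)/, "", list)   # drop the (runas) part
      n = split(list, item, ","); full = ""
      for (i = 1; i <= n; i++) {          # strip tags, expand one alias level
        c = trim(item[i]); sub(/^[A-Z]+:[ \t]*/, "", c)
        sep = (full == "" ? "" : ",")
        full = full sep ((c in alias) ? alias[c] : c)
      }
      n = split(full, item, ",")
      guarded = (full ~ /!\/usr\/bin\/passwd root/)
      for (i = 1; i <= n; i++) {
        c = trim(item[i]); why = ""
        if (c == "ALL") why = "every command as root"
        else if (c ~ /\/visudo$/) why = "can edit sudoers and widen its own rule"
        else if (c ~ /\/(vi|vim|nano|emacs)$/) why = "editor runs as root on any file; use sudoedit with a fixed path"
        else if (c ~ /\/passwd$/ && !guarded) why = "can set any password, root included; add !/usr/bin/passwd root"
        if (why != "") printf "%s\t%s\t%s\n", who, c, why
      }
    }'
}

printf '%s\n' "$SAMPLE_SUDOERS" | audit_sudoers
```

On a real host, feed it the output of cat /etc/sudoers /etc/sudoers.d/* run as root, and treat every reported line as a grant of full root when reviewing who holds it.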