linux 中如何给普通用户添加sudo权限
001、普通用户一般没有sudo权限
[zhangsan01@pc1 ~]$ ls [zhangsan01@pc1 ~]$ yum install httpd ## 直接无法调用yum仓库 Loaded plugins: fastestmirror, langpacks You need to be root to perform this command. [zhangsan01@pc1 ~]$ sudo yum install httpd ## sudo 需要输入sudo密码 We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. [sudo] password for zhangsan01: ## 说明用户不在sudoers 文件中 zhangsan01 is not in the sudoers file. This incident will be reported.
002、将用户zhangsan01添加至sudoersfile文件中
以root身份在终端输入如下命令:visudo
找到该行: root ALL=(ALL) ALL,并在其下面增加如下:
zhangsan01 ALL=(ALL) ALL, 然后保存退出。
## ## Allow root to run any commands anywhere root ALL=(ALL) ALL zhangsan01 ALL=(ALL) ALL ## 增加改行,表示zhangsan01用户可以使用所有的sudo权限 ## Allows members of the 'sys' group to run networking, software, ## service management apps and more. # %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS ## Allows people in group wheel to run all commands %wheel ALL=(ALL) ALL ## Same thing without a password # %wheel ALL=(ALL) NOPASSWD: ALL ## Allows members of the users group to mount and unmount the ## cdrom as root # %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom ## Allows members of the users group to shutdown this system # %users localhost=/sbin/shutdown -h now ## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment) :wq! ## 保存退出
003、使用普通用户zhangsan01测试sudo权限
a、测试 sudo yum
[zhangsan01@pc1 ~]$ ls [zhangsan01@pc1 ~]$ whoami ## 列出当前用户 zhangsan01 [zhangsan01@pc1 ~]$ sudo yum install httpd ## zhangsan01调用sudo yum命令 [sudo] password for zhangsan01: Loaded plugins: fastestmirror, langpacks Loading mirror speeds from cached hostfile * base: mirrors.qlu.edu.cn * extras: mirrors.qlu.edu.cn * updates: mirrors.qlu.edu.cn Resolving Dependencies --> Running transaction check ---> Package httpd.x86_64 0:2.4.6-99.el7.centos.1 will be installed --> Finished Dependency Resolution Dependencies Resolved
b、测试sudo ls /root/
[zhangsan01@pc1 ~]$ whoami ## 列出当前用户 zhangsan01 [zhangsan01@pc1 ~]$ ls /root/ ## 直接列出 /root/失败 ls: cannot open directory /root/: Permission denied [zhangsan01@pc1 ~]$ sudo ls /root/ ## 使用 sudo列出 /root/ anaconda3 Desktop Downloads Music Public Videos anaconda-ks.cfg Documents initial-setup-ks.cfg Pictures Templates
。
004、仅对zhangsan01开放部分的root权限
[root@pc1 home]# vim /etc/sudoers ## 编辑配置文件 ## Allow root to run any commands anywhere root ALL=(ALL) ALL zhangsan01 ALL=(ALL) /bin/yum ## 增加该行,对zhangsan01仅仅添加了/bin/yum以root身份执行的权限 ## Allows members of the 'sys' group to run networking, software, ## service management apps and more. # %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS ## Allows people in group wheel to run all commands %wheel ALL=(ALL) ALL ## Same thing without a password # %wheel ALL=(ALL) NOPASSWD: ALL ## Allows members of the users group to mount and unmount the ## cdrom as root # %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom ## Allows members of the users group to shutdown this system # %users localhost=/sbin/shutdown -h now ## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment) #includedir /etc/sudoers.d :wq! ## 保存退出
005、测试zhangsan01此时的sudo权限
a、测试sudo yum
[zhangsan01@pc1 ~]$ sudo yum install httpd ## 可以正常运行 sudo yum [sudo] password for zhangsan01: Loaded plugins: fastestmirror, langpacks Loading mirror speeds from cached hostfile * base: mirrors.tuna.tsinghua.edu.cn * extras: mirror.lzu.edu.cn * updates: mirrors.tuna.tsinghua.edu.cn Resolving Dependencies --> Running transaction check ---> Package httpd.x86_64 0:2.4.6-99.el7.centos.1 will be installed --> Finished Dependency Resolution Dependencies Resolved
b、测试zhangsan01 其他的sudo权限,比如sudo ls /root/
[zhangsan01@pc1 ~]$ whoami zhangsan01 [zhangsan01@pc1 ~]$ sudo ls /root/ ## 不能正常执行,pc1是主机名称 Sorry, user zhangsan01 is not allowed to execute '/bin/ls /root/' as root on pc1. [zhangsan01@pc1 ~]$ sudo useradd newuser01 ## 不能正常执行; 说明zhangsan01没有除了sudo yum以外其他的sudo权限了 Sorry, user zhangsan01 is not allowed to execute '/sbin/useradd newuser01' as root on pc1.
。
