linux 中如何给普通用户添加sudo权限


001、普通用户一般没有sudo权限

复制代码
[zhangsan01@pc1 ~]$ ls
[zhangsan01@pc1 ~]$ yum install httpd        ## 直接无法调用yum仓库
Loaded plugins: fastestmirror, langpacks
You need to be root to perform this command.
[zhangsan01@pc1 ~]$ sudo yum install httpd    ## sudo 需要输入sudo密码

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for zhangsan01:                        ## 说明用户不在sudoers 文件中
zhangsan01 is not in the sudoers file.  This incident will be reported.
复制代码

 

002、将用户zhangsan01添加至sudoersfile文件中

以root身份在终端输入如下命令:visudo

 

找到该行: root    ALL=(ALL)       ALL,并在其下面增加如下:

zhangsan01      ALL=(ALL)       ALL, 然后保存退出。

复制代码
##
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
zhangsan01      ALL=(ALL)       ALL          ## 增加改行,表示zhangsan01用户可以使用所有的sudo权限

## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS

## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)       ALL

## Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL

## Allows members of the users group to mount and unmount the
## cdrom as root
# %users  ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom

## Allows members of the users group to shutdown this system
# %users  localhost=/sbin/shutdown -h now

## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
:wq!                                             ## 保存退出
复制代码

 

 

003、使用普通用户zhangsan01测试sudo权限

a、测试 sudo yum

复制代码
[zhangsan01@pc1 ~]$ ls
[zhangsan01@pc1 ~]$ whoami                        ## 列出当前用户
zhangsan01
[zhangsan01@pc1 ~]$ sudo yum install httpd        ## zhangsan01调用sudo yum命令
[sudo] password for zhangsan01:
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.qlu.edu.cn
 * extras: mirrors.qlu.edu.cn
 * updates: mirrors.qlu.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.6-99.el7.centos.1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved
复制代码

 

b、测试sudo ls /root/

[zhangsan01@pc1 ~]$ whoami                            ## 列出当前用户
zhangsan01
[zhangsan01@pc1 ~]$ ls /root/                         ## 直接列出 /root/失败
ls: cannot open directory /root/: Permission denied
[zhangsan01@pc1 ~]$ sudo ls /root/                    ## 使用 sudo列出  /root/
anaconda3        Desktop    Downloads             Music     Public     Videos
anaconda-ks.cfg  Documents  initial-setup-ks.cfg  Pictures  Templates

 。

 

004、仅对zhangsan01开放部分的root权限

复制代码
[root@pc1 home]# vim /etc/sudoers                    ## 编辑配置文件
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
zhangsan01      ALL=(ALL)       /bin/yum       ## 增加该行,对zhangsan01仅仅添加了/bin/yum以root身份执行的权限

## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS

## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)       ALL

## Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL

## Allows members of the users group to mount and unmount the
## cdrom as root
# %users  ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom

## Allows members of the users group to shutdown this system
# %users  localhost=/sbin/shutdown -h now

## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d
:wq!                                         ## 保存退出
复制代码

 

005、测试zhangsan01此时的sudo权限

a、测试sudo yum

复制代码
[zhangsan01@pc1 ~]$ sudo yum install httpd          ## 可以正常运行 sudo yum
[sudo] password for zhangsan01:
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.tuna.tsinghua.edu.cn
 * extras: mirror.lzu.edu.cn
 * updates: mirrors.tuna.tsinghua.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.6-99.el7.centos.1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved
复制代码

 

b、测试zhangsan01 其他的sudo权限,比如sudo ls /root/

[zhangsan01@pc1 ~]$ whoami
zhangsan01
[zhangsan01@pc1 ~]$ sudo ls /root/                 ## 不能正常执行,pc1是主机名称
Sorry, user zhangsan01 is not allowed to execute '/bin/ls /root/' as root on pc1.
[zhangsan01@pc1 ~]$ sudo useradd newuser01         ## 不能正常执行; 说明zhangsan01没有除了sudo yum以外其他的sudo权限了
Sorry, user zhangsan01 is not allowed to execute '/sbin/useradd newuser01' as root on pc1.

 。

 

posted @   小鲨鱼2018  阅读(1294)  评论(0编辑  收藏  举报
相关博文:
·  linux 中如何给普通用户增加管理员权限
·  linux 中 实现对用户名进行更改
·  centos_和ubuntu一样使用sudo(简单配置)
·  centos7中为普通用户添加sudo权限
·  Linux学习笔记(34)Linux给普通用户配置sudo权限
阅读排行:
· 震惊!C++程序真的从main开始吗?99%的程序员都答错了
· 【硬核科普】Trae如何「偷看」你的代码?零基础破解AI编程运行原理
· 单元测试从入门到精通
· 上周热点回顾(3.3-3.9)
· winform 绘制太阳,地球,月球 运作规律
历史上的今天:
2021-12-30 R语言中判断两个数据框是否完全相同
2021-12-30 R语言中order排序出现2大于10的情况?
2021-12-30 R语言中NA的判断
2020-12-30 centos7 中 安装gcc编译器
2020-12-30 vmware虚拟机安装mint-20全过程
2020-12-30 vmware虚拟机安装deepin20全过程
2020-12-30 vmware虚拟机安装openSUSE-Leap-15.2全过程
点击右上角即可分享
微信分享提示
AI IDE Trae