Many servers, management personnel on each server, root authority flooding, often lead to file inexplicably lost, veteran and novice to the server of different familiarity, security instability and operational security problems.
Second, the programmeUse the sudo configuration to specify that the user can execute only the specified command
2.1 Creating a User# 通过用户别名定义用户集CHUJIADMINS 初始运维GWNETADMINS 网络工程师CHUJI_KAIFA 初级开发# 通过命令别名定义权限集CY_CMD_1 初级运维GY_CMD_1 高级运维CK_CMD_1 初级开发GK_CMD_1 高级开发GW_CMD_1 高级运维
2.2 sudo configuration# 建立3个初级运维,一个高级运维,一个网络工程师,一个运维经理,密码统一是111111for user in chuji001 chuji002 chuji003 senior001 net001 manager001do useradd $user echo "111111"|passwd --stdin $userdone# 建立5个开发人员,属于phpers组,一个高级开发,一个开发经理groupadd -g 666 phpersfor n in `seq 5`do useradd -g phpers php00$n echo "111111"|passwd --stdin php00$ndonefor user in seniorphpers kaifamanager001do useradd $user echo "111111"|passwd --stdin $userdone
# #User_AliasUser_Alias Chujiadmins = Chuji001,chuji002,chuji003user_alias Gwnetadmins = Net001user_alias Chuji_kaifa = %phpers # phpers Group # #Cmnd_Alias Cmnd_alias cy_cmd_1 =/usr/bin/free,/usr/bin/iostat,/usr/bin/top,/bin/hostname,/sbi N/ifconfig,/bin/netstat,/sbin/routecmnd_alias gy_cmd_1 =/usr/bin/free,/usr/bin/iostat,/usr/bin/top,/bin/hostname ,/sbin/ifconfig,/bin/netstat,/sbin/route,/sbin/iptables,/etc/init.d/network,/bin/nice,/bin/kill,/usr/bin/kill, /usr/bin/killall,/bin/rpm,/usr/bin/up2date,/usr/bin/yum,/sbin/fdisk,/sbin/sfdisk,/sbin/parted,/sbin/partprobe, /bin/mount,/bin/umountcmnd_alias ck_cmd_1 =/usr/bin/tail/app/log*,/bin/grep/app/log*,/bin/cat,/bin/lscmnd_alias Gk_cmd_1 =/sbin/service,/sbin/chkconfig,/usr/bin/tail/app/log*,/bin/grep/app/log*,/bin/cat,/bin/ls,/bin/sh ~/ Scripts/deploy.shcmnd_alias gw_cmd_1 =/sbin/route,/sbin/ifconfig,/bin/ping,/sbin/dhclient,/usr/bin/net,/sbin/ iptables,/usr/bin/rfcom,/usr/bin/wvdial,/sbin/iwconfig,/sbin/mii-tool,/bin/cat/var/log/*# #RUnas_aliasrunas_alias OP = root # Normal user operation using root user Role # #pri configsenior001 all= (OP) gy_cmd_1manager001 All= (All) nopasswd:allkaifamanager001 all= (All) all,/usr/bin/passwd [a-za-z]*,!/usr/bin/passwd root,!/usr/sbin/ Visudo,!/usr/bin/vi *sudoer*seniorphpers all= (OP) gk_cmd_1chujiadmins all= (OP) cy_cmd_1gwnetadmins ALL= (O P) Gw_cmd_1chuji_kaifa all= (OP) ck_cmd_1Third, referencefor user in chuji001 chuji002 chuji003 senior001 net001 manager001do userdel -r $userdonefor n in `seq 5`do userdel -r php00$ndonefor user in seniorphpers kaifamanager001do userdel -r $userdonegroupdel phpers
Enterprise Project Case 1-centralized management of user rights scenarios-problem analysis
Centralized management scheme for Linux user rights
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
