Directory
How to add sudo to a user Permissions ... 2
1th Chapter Sudu Introduction: ... 2
2nd Chapters How to authorize: ... 2
2.1 Authorized User Single command ... 2
2.2 authorized user Multiple commands ... 4
2.3 authorize command groups, exclude individual commands from them ... 6
2.4 Authorized--- no need to enter a password ... 7
How to add sudo permissions to a user
1th ChapterSuduIntroduction:
sudo in order to resolve, the non-administrator root user authorization to use the root of some of the column commands to use.
2nd ChapterHow to authorize:
Use Visudo to edit the contents of the 98th line of the configuration file (the system environment does not necessarily have the same number of rows), insert the authorization information on line 98th:
2.1 Authorized User Single command
example 2-1 authorizing Peng User cat commands
### Pre-Authorization
[[Email protected]]$ cat/etc/fstab
Cat:/etc/fstab:permission denied
[[Email protected]]$
## Authorization Process root operation:
#vim Edit Insert the following line
98 root all= (All) all
Peng All= (All)/usr/bin/cat
100
## Validation Results
[[Email protected]~]$ sudo-l
Matchingdefaults entries for Peng on the This host:
Requiretty,!VISIBLEPW, Always_set_home,env_reset, env_keep= "COLORS DISPLAY HOSTNAME histsize INPUTRC kdedirls_colors" , env_keep+= "MAIL PS1 PS2 qtdir USERNAME LANG lc_address
Lc_ctype ", env_keep+=" Lc_collatelc_identification lc_measurement lc_messages ", env_keep+=" LC_MONETARYLC_NAME LC_ NUMERIC lc_paper Lc_telephone ", env_keep+=" Lc_time lc_alllanguage
Linguas _xkb_charset xauthority ", Secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
User Pengmay Run the following commands on this host:
(All)/usr/bin/cat
[[Email protected]~]$
### View
[[Email protected]~]$ cat/etc/fstab
Cat:/etc/fstab:permission denied
[Email protected]~]$ sudo cat/etc/fstab
#
#/etc/fstab
# CreatedBy Anaconda on Fri Nov 21 18:16:53 2014
#
#Accessible filesystems, by reference, is maintained under '/dev/disk '
# See Manpages Fstab (5), Findfs (8), mount (8) and/or Blkid (8) for more info
#
UUID=6634633E-001D-43BA-8FAB-202F1DF93339/EXT4 defaults,barrier=0 1 1
[[Email protected]~]$
2.2 authorized user Multiple commands
Authorizing user Peng,ls commands and Cat commands
#root Perform the authorization process
#命令的绝对路径
[[email protected]~]# which LS
aliasls= ' ls--color=auto '
/usr/bin/ls
[Email protected]~]# which cat
/usr/bin/cat
[[Email protected]~]#
# configuration file Contents:
98 root all= (All) all
Peng All= (All)/usr/bin/cat,/usr/bin/ls
# # Allowsmembers of the ' sys ' group to run networking, software,
# # Servicemanagement Apps and more.
## Validation Results
[[Email protected]~]$ sudo-l
[Sudo]password for Peng:
Matchingdefaults entries for Peng on the This host:
User Pengmay Run the following commands on this host:
(All)/usr/bin/cat, (All)/usr/bin/ls
[[Email protected]~]$
[Email protected]~]$ sudo ls/root/
Default.pass default.pass.bak edu list.md5 README.txt
[[Email protected]~]$ ls/root/
Ls:cannotopen directory/root/: Permission denied
[Email protected]~]$ sudo cat/etc/fstab
#
#/etc/fstab
# CreatedBy Anaconda on Fri Nov 21 18:16:53 2014
#
#Accessible filesystems, by reference, is maintained under '/dev/disk '
# See Manpages Fstab (5), Findfs (8), mount (8) and/or Blkid (8) for more info
#
UUID=6634633E-001D-43BA-8FAB-202F1DF93339/EXT4 defaults,barrier=0 1 1
[[Email protected]~]$ cat/etc/fstab
Cat:/etc/fstab:permission denied
[[Email protected]~]$
2.3authorize command groups, exclude individual commands from them
# Authorization Command Path
[Email protected]~]# ls/usr/bin/|wc-l
1044
[[Email protected]~]#
## all commands under authorization/usr/bin/, excluding RM commands
#root Authorization Process
# # Allowroot to run any commands anywhere
Root all= (All) all
Peng All= (All)/usr/bin/*,!/usr/bin/rm
# # Allowsmembers of the ' sys ' group to run networking, software,
## Validation
[[Email protected]~]$ sudo-l
[Sudo]password for Peng:
Matchingdefaults entries for Peng on the This host:
User Pengmay Run the following commands on this host:
(All)/usr/bin/*, (All)!/usr/bin/rm
[Email protected]~]$ sudo ls/root/
Default.pass default.pass.bak edu list.md5 README.txt
[Email protected]~]$ sudo rm-rf/root/list.md5
Sorry, Userpeng is not allowed to execute '/bin/rm-rf/root/list.md5 ' as root onmapeng-edu.
[Email protected]~]$ sudo cat/root/list.md5
81f349ed6e7de0a7f230c184f8735fdb Default.pass
81f349ed6e7de0a7f230c184f8735fdb Default.pass.bak
[[Email protected]~]$
2.4Authorization---Do not need to enter a password
## Authorization Process
# # Allowroot to run any commands anywhere
Root all= (All) all
Peng All= (All) nopasswd:/usr/bin/*,!/usr/bin/rm
# # Allowsmembers of the ' sys ' group to run networking, software,
## authorization is not required to enter a password
[[Email protected]~]$ sudo-l
Matchingdefaults entries for Peng on the This host:
Linguas _xkb_charset xauthority ", Secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
User Pengmay Run the following commands on this host:
(All) NOPASSWD:/usr/bin/*, (All)!/usr/bin/rm
[[Email protected]~]$
This article is from "Pony Brother" blog, please make sure to keep this source http://oldma.blog.51cto.com/12664250/1981367
sudo use (Linux user authorization)