sudo use (Linux user authorization)

Sudo Use

 

Directory

How to add sudo to a user Permissions ... 2

1th Chapter Sudu Introduction: ... 2

2nd Chapters How to authorize: ... 2

2.1 Authorized User Single command ... 2

2.2 authorized user Multiple commands ... 4

2.3 authorize command groups, exclude individual commands from them ... 6

2.4 Authorized--- no need to enter a password ... 7

How to add sudo permissions to a user

1th ChapterSuduIntroduction:

sudo in order to resolve, the non-administrator root user authorization to use the root of some of the column commands to use.

2nd ChapterHow to authorize:

Use Visudo to edit the contents of the 98th line of the configuration file (the system environment does not necessarily have the same number of rows), insert the authorization information on line 98th:

2.1 Authorized User Single command

example 2-1 authorizing Peng User cat commands

### Pre-Authorization

[[Email protected]]$ cat/etc/fstab

Cat:/etc/fstab:permission denied

[[Email protected]]$

## Authorization Process root operation:

#vim Edit Insert the following line

98 root all= (All) all

Peng All= (All)/usr/bin/cat

100

## Validation Results

[[Email protected]~]$ sudo-l

Matchingdefaults entries for Peng on the This host:

Requiretty,!VISIBLEPW, Always_set_home,env_reset, env_keep= "COLORS DISPLAY HOSTNAME histsize INPUTRC kdedirls_colors" , env_keep+= "MAIL PS1 PS2 qtdir USERNAME LANG lc_address

Lc_ctype ", env_keep+=" Lc_collatelc_identification lc_measurement lc_messages ", env_keep+=" LC_MONETARYLC_NAME LC_ NUMERIC lc_paper Lc_telephone ", env_keep+=" Lc_time lc_alllanguage

Linguas _xkb_charset xauthority ", Secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User Pengmay Run the following commands on this host:

(All)/usr/bin/cat

[[Email protected]~]$

### View

[[Email protected]~]$ cat/etc/fstab

Cat:/etc/fstab:permission denied

[Email protected]~]$ sudo cat/etc/fstab

#

#/etc/fstab

# CreatedBy Anaconda on Fri Nov 21 18:16:53 2014

#

#Accessible filesystems, by reference, is maintained under '/dev/disk '

# See Manpages Fstab (5), Findfs (8), mount (8) and/or Blkid (8) for more info

#

UUID=6634633E-001D-43BA-8FAB-202F1DF93339/EXT4 defaults,barrier=0 1 1

[[Email protected]~]$

2.2 authorized user Multiple commands

Authorizing user Peng,ls commands and Cat commands

#root Perform the authorization process
#命令的绝对路径

[[email protected]~]# which LS

aliasls= ' ls--color=auto '

/usr/bin/ls

[Email protected]~]# which cat

/usr/bin/cat

[[Email protected]~]#

# configuration file Contents:

98 root all= (All) all

Peng All= (All)/usr/bin/cat,/usr/bin/ls

# # Allowsmembers of the ' sys ' group to run networking, software,

# # Servicemanagement Apps and more.

## Validation Results

[[Email protected]~]$ sudo-l

[Sudo]password for Peng:

Matchingdefaults entries for Peng on the This host:

User Pengmay Run the following commands on this host:

(All)/usr/bin/cat, (All)/usr/bin/ls

[[Email protected]~]$

[Email protected]~]$ sudo ls/root/

Default.pass default.pass.bak edu list.md5 README.txt

[[Email protected]~]$ ls/root/

Ls:cannotopen directory/root/: Permission denied

[Email protected]~]$ sudo cat/etc/fstab

#

#/etc/fstab

# CreatedBy Anaconda on Fri Nov 21 18:16:53 2014

#

#Accessible filesystems, by reference, is maintained under '/dev/disk '

# See Manpages Fstab (5), Findfs (8), mount (8) and/or Blkid (8) for more info

#

UUID=6634633E-001D-43BA-8FAB-202F1DF93339/EXT4 defaults,barrier=0 1 1

[[Email protected]~]$ cat/etc/fstab

Cat:/etc/fstab:permission denied

[[Email protected]~]$

2.3authorize command groups, exclude individual commands from them

# Authorization Command Path

[Email protected]~]# ls/usr/bin/|wc-l

1044

[[Email protected]~]#

## all commands under authorization/usr/bin/, excluding RM commands

#root Authorization Process

# # Allowroot to run any commands anywhere

Root all= (All) all

Peng All= (All)/usr/bin/*,!/usr/bin/rm

# # Allowsmembers of the ' sys ' group to run networking, software,

## Validation

[[Email protected]~]$ sudo-l

[Sudo]password for Peng:

Matchingdefaults entries for Peng on the This host:

User Pengmay Run the following commands on this host:

(All)/usr/bin/*, (All)!/usr/bin/rm

[Email protected]~]$ sudo ls/root/

Default.pass default.pass.bak edu list.md5 README.txt

[Email protected]~]$ sudo rm-rf/root/list.md5

Sorry, Userpeng is not allowed to execute '/bin/rm-rf/root/list.md5 ' as root onmapeng-edu.

[Email protected]~]$ sudo cat/root/list.md5

81f349ed6e7de0a7f230c184f8735fdb Default.pass

81f349ed6e7de0a7f230c184f8735fdb Default.pass.bak

[[Email protected]~]$

2.4Authorization---Do not need to enter a password

## Authorization Process

# # Allowroot to run any commands anywhere

Root all= (All) all

Peng All= (All) nopasswd:/usr/bin/*,!/usr/bin/rm

# # Allowsmembers of the ' sys ' group to run networking, software,

## authorization is not required to enter a password

[[Email protected]~]$ sudo-l

Matchingdefaults entries for Peng on the This host:

Linguas _xkb_charset xauthority ", Secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User Pengmay Run the following commands on this host:

(All) NOPASSWD:/usr/bin/*, (All)!/usr/bin/rm

[[Email protected]~]$

This article is from "Pony Brother" blog, please make sure to keep this source http://oldma.blog.51cto.com/12664250/1981367

sudo use (Linux user authorization)