Introduction to User Rights Delegation Configuration under CentOS (Linux)

Source: Internet
Author: User


Delegating privileges correctly matters a great deal to keeping a service running normally. The greater the privilege, the greater the responsibility and liability, and the greater the potential harm: a mistaken operation made with high privileges can cause catastrophic damage to an application, so be very careful when assigning permissions. Most enterprises assign permissions in fine detail, splitting a single service into different operation permissions, which is relatively more secure and also means that a problem can be traced directly to the person responsible.

Today we introduce user rights delegation under CentOS. The most privileged account under CentOS (Linux) is root, similar to Administrator in a Windows environment: it is the global administrator and has full operational rights over services. In my environment I habitually used root privileges for service operations. Because of a recent audit, the person responsible changed the root password and created a new user. After logging in as that ordinary user, changes to the service could no longer be saved, so I have summed up the issue here to share with readers who need it.

There are many ways to control permission assignment; today we introduce two:

1. Add root permissions to the new user

2. Delegate sudo permissions to the new user

We have created a new user in the environment with the following commands:

adduser Gavin    # add the user Gavin
passwd Gavin     # set a new password for the user Gavin; at the prompts:
xxxxxxx          # enter the custom new password
xxxxxxx          # confirm the custom new password

Then we log in as the user Gavin and modify the hosts file:

vim /etc/hosts

On saving after the modification, the save fails with a prompt that the file is read-only.


Method One: Add root permissions to the new user

vim /etc/passwd

Modify the ID value of the new user Gavin in this file.

Note: in the first line we can see that the ID of root is 0.


Change the ID of the user Gavin to 0.

The system identifies an account by its numeric ID rather than by its name, so from then on, whether you log in as root or as the newly added user Gavin, the session is shown as root.


Method Two: Delegate sudo permissions to the new user

vim /etc/sudoers

Find the line

## Allow root to run any command anywhere

Below it there is the entry

root ALL=(ALL) ALL


Add a line below it:

Gavin ALL=(ALL) ALL


Save and exit.

From then on, the ordinary user must run vim through sudo to modify the service.

Note:

If the user does not have superuser privileges, then when a command is entered with sudo the system prompts:

Gavin is not in the sudoers file. This incident will be reported.

Resolution:

1. Enter superuser mode. Type "su"; the system asks for the superuser password, and once the password is entered you are in superuser mode.


2. Add write permission to the file.

The code is as follows:

chmod u+w /etc/sudoers

Here u refers to the file owner and +w adds write permission, so u+w means that only the file owner gets write permission.


After this, the user can run sudo vim /etc/hosts to modify the service.


4. Revoke the write permission of the file.

The code is as follows:

chmod u-w /etc/sudoers
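A defender's check for the two delegation methods above, added here as an example and not part of the original article: it lists accounts other than root with UID 0, lists unrestricted ALL grants in a sudoers file, and confirms the file is back at mode 0440 after the chmod steps. The function names and the sample files are constructed for illustration.

```bash
# Added example: audit the two delegation methods described in this article.
# Function names are hypothetical; file paths are arguments so copies can be checked.

# Accounts other than root whose UID (3rd field) is 0, as produced by Method One.
uid0_accounts() {
    awk -F: '!/^#/ && NF >= 7 && $3 ~ /^0+$/ && $1 != "root" { print $1 }' "$1"
}

# Users or %groups granted every command: "name ALL=(ALL) ALL" and close variants.
# Whitespace is stripped before matching; continuation lines are not handled.
unrestricted_sudoers() {
    awk '/^[ \t]*(#|$)/ || /^[ \t]*Defaults/ { next }
         { who = $1; $1 = ""; rule = $0; gsub(/[ \t]/, "", rule)
           if (who != "root" && rule ~ /^ALL=(\(ALL(:ALL)?\))?(NOPASSWD:)?ALL$/) print who }' "$1"
}

# /etc/sudoers is normally mode 0440; after "chmod u+w" it is 0640 until revoked.
# Uses GNU stat, as shipped with CentOS.
sudoers_mode_ok() {
    [ "$(stat -c %a "$1")" = "440" ]
}

# Constructed sample files (not taken from a real host).
tmp=$(mktemp -d)
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
Gavin:x:0:1000::/home/Gavin:/bin/bash
EOF
cat > "$tmp/sudoers" <<'EOF'
## Allow root to run any command anywhere
root    ALL=(ALL)       ALL
Gavin   ALL=(ALL)       ALL
%ops    ALL=(root)      /usr/bin/systemctl restart httpd
EOF
chmod 640 "$tmp/sudoers"

echo "UID 0 besides root: $(uid0_accounts "$tmp/passwd")"
echo "Unrestricted sudo:  $(unrestricted_sudoers "$tmp/sudoers")"
sudoers_mode_ok "$tmp/sudoers" || echo "sudoers mode is not 0440"
```

On a real host the same functions can be pointed at /etc/passwd and /etc/sudoers (read as root); files under /etc/sudoers.d need the same check.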


This article is from the "Gao Wenrong" blog; reprinting is declined.
