Tip: Linux grants special permissions to common users

Article Title: tip: Linux grants special permissions to common users. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

In Linux, there are usually more than one administrator. If each administrator uses the root identity for management, it is impossible to figure out who should do what. The best way is to create some common users and assign some system management work to them.

We cannot use su to make them directly root, because these users must know the root password. This method is not safe and does not meet our division of labor needs. The general practice is to use permission settings to classify users with special identities into the same working group and set the permissions of the Working Group. For example, the user wwwadm is required to manage website data. Generally, the httpd owner of the Apache Web Server process is www. You can set wwwadm as the same working group as www, set the working group permissions for Apache to store the web directory/usr/local/httpd/htdocs by default to readable, writable, and executable, in this way, every user in this Working Group can manage webpages.

However, this is not the best solution. For example, if the administrator wants to grant the shutdown permission to an ordinary user, the above method is not ideal. You may think that I only want this user to execute the shutdown command as root. It's totally correct. Unfortunately, this feature cannot be implemented in common Linux systems, but sudo is already available in tools.

Sudo assigns privileges to different users by maintaining a database mapped to the user name. These privileges can be identified by different commands listed in the database. To obtain a specific permission, qualified users simply enter the sudo and command name on the command line and enter the password again as prompted (the user's own password, not the root user password ). For example, sudo allows a common user to format a disk, but does not grant other root user privileges.

1. The sudo tool is configured by the file/etc/sudoers, which contains a list of all users who can access the sudo tool and defines their privileges. A typical/etc/sudoers entry is as follows:

Code:

Liming ALL = (ALL) ALL

This entry allows the user liming to access all applications as a Super User. For example, if the user liming needs to run commands as a Super User, he simply needs to add the prefix sudo before the command. Therefore, to run the format command as the root user, liming can enter the following command:

Code:

# Sudo/usr/sbin/useradd sam

Note: The command must write an absolute PATH./usr/sbin is not in the search PATH of a common user by default, or add the PATH: PATH = $ PATH:/usr/sbin; export PATH. In addition, different system commands have different paths. You can use the command "whereis command name" to find the path.

The following output result is displayed:

Code:

We trust you have got ed the usual lecture from the local System

Administrator. It usually boils down to these two things:

#1) Respect the privacy of others.

#2) Think before you type.

Password:

If liming correctly enters the password, the command useradd will be executed as the root user.

Note: The configuration file/etc/sudoers must be edited using the cmddo command.

You only need to add the user name, host name, and license command list to the file/etc/sudoers in the standard format, and save the list to take effect. Let's look at another example.

[1] [2] [3] Next page