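Preface
sudo authorization explained
Working as root: run the visudo command to grant commands to ordinary users. Once it starts, visudo is used the same way as vi.
username  managed-host address (IP address)=(identity that may be used)  authorized command (absolute path)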
root ALL=(ALL) ALL
group name  managed-host address=(identity that may be used)  authorized command (absolute path)
%wheel ALL=(ALL) ALL
(A group name must be prefixed with %.)
Creating a user and a group
[root@VM-20-5-centos ~]# groupadd admin
[root@VM-20-5-centos ~]# useradd app -g admin
[root@VM-20-5-centos ~]# id app
uid=1004(app) gid=1004(admin) groups=1004(admin)
[root@VM-20-5-centos ~]# visudo
[root@VM-20-5-centos ~]# cat /etc/sudoers | grep admin
%admin ALL=/usr/bin/yum
Checking sudo privileges as an ordinary user
[app@VM-20-5-centos ~]$ sudo -l
[sudo] password for app:
Matching Defaults entries for app on VM-20-5-centos:
    !visiblepw, always_set_home, match_group_by_gid, always_query_group_plugin, env_reset,
    env_keep="COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS",
    env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE",
    env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES",
    env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE",
    env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY",
    secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User app may run the following commands on VM-20-5-centos:
    (root) /usr/bin/yum
[app@VM-20-5-centos ~]$ yum install nginx
Loaded plugins: fastestmirror, langpacks
You need to be root to perform this command.
[app@VM-20-5-centos ~]$ sudo yum install nginx
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
epel | 4.3 kB 00:00:00
extras | 2.9 kB 00:00:00
os | 3.6 kB 00:00:00
updates
Reference configuration
%admin ALL=(ALL) /usr/bin/yum install,\
/usr/bin/tail -n 100 /var/log/*, /usr/bin/systemctl restart *,\
/usr/bin/journalctl -u *,\
/usr/sbin/logrotate -f /etc/logrotate.d/*,\
/usr/sbin/reboot
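Added example (not part of the original article): a small Python check that reads the reference rule above and the earlier %admin ALL=/usr/bin/yum rule and reports command specs that grant more than they appear to. It relies on two behaviours documented in the sudoers manual: a command listed without arguments may be run with any arguments, and a wildcard in the argument part matches across spaces and '/'. The function names are assumptions of this example, and it handles only the plain rule form used on this page (no tags such as NOPASSWD:, no aliases).

```python
import re

# The reference rule from the article, continuation lines included.
REFERENCE_RULE = r"""%admin ALL=(ALL) /usr/bin/yum install,\
/usr/bin/tail -n 100 /var/log/*, /usr/bin/systemctl restart *,\
/usr/bin/journalctl -u *,\
/usr/sbin/logrotate -f /etc/logrotate.d/*,\
/usr/sbin/reboot
"""
# The first rule shown in the article (group admin may run yum).
FIRST_RULE = "%admin ALL=/usr/bin/yum"


def split_commands(rule):
    """Return the 'command [args]' specs of one user/group rule (hypothetical helper)."""
    joined = re.sub(r"\\\n\s*", " ", rule).strip()  # undo "\" line continuations
    spec = joined.split("=", 1)[1].strip()           # drop "who host="
    spec = re.sub(r"^\([^)]*\)\s*", "", spec)        # drop the optional (runas) part
    # Commas separate commands; "\," is a literal comma inside arguments.
    return [c.strip() for c in re.split(r"(?<!\\),", spec) if c.strip()]


def audit(rule):
    """Return (command, finding) pairs for specs broader than they look."""
    findings = []
    for cmd in split_commands(rule):
        path, _, args = cmd.partition(" ")
        if path == "ALL":
            findings.append((cmd, "ALL: every command is allowed"))
        elif not path.startswith("/"):
            findings.append((cmd, "command is not an absolute path"))
        elif not args:
            findings.append((cmd, "no arguments listed: any arguments are accepted"))
        elif re.search(r"[*?\[]", args):
            findings.append((cmd, "wildcard in arguments: matches across spaces and '/'"))
    return findings


if __name__ == "__main__":
    for rule in (FIRST_RULE, REFERENCE_RULE):
        for cmd, finding in audit(rule):
            print(f"{cmd:45} {finding}")
```

Syntax itself is checked with visudo -c; this check only looks at how broad each command spec is.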
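Copyright notice: unless otherwise stated, all articles are original works of 柳三千运维录. When reposting or copying, please credit the source with a hyperlink.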