Article last updated: June 11, 2025
Preface
sudo authorization explained
As root: run the visudo command to grant command privileges to ordinary users. Once it opens, you edit the file the same way as in vi.
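- username  managed host address (IP address)=(identity that may be assumed)  authorized command (absolute path)
root ALL=(ALL) ALL
- group name  managed host address=(identity that may be assumed)  authorized command (absolute path) (the group name must be prefixed with %)
%wheel ALL=(ALL) ALL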
Create a user and a group
[root@VM-20-5-centos ~]# groupadd admin
[root@VM-20-5-centos ~]# useradd app -g admin
[root@VM-20-5-centos ~]# id app
uid=1004(app) gid=1004(admin) groups=1004(admin)
[root@VM-20-5-centos ~]# visudo
[root@VM-20-5-centos ~]# cat /etc/sudoers | grep admin
%admin ALL=/usr/bin/yum
Checking sudo privileges as an ordinary user
[app@VM-20-5-centos ~]$ sudo -l
[sudo] password for app:
Matching Defaults entries for app on VM-20-5-centos:
!visiblepw, always_set_home, match_group_by_gid, always_query_group_plugin, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG
LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE
LINGUAS _XKB_CHARSET XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
User app may run the following commands on VM-20-5-centos:
(root) /usr/bin/yum
[app@VM-20-5-centos ~]$ yum install nginx
Loaded plugins: fastestmirror, langpacks
You need to be root to perform this command.
[app@VM-20-5-centos ~]$ sudo yum install nginx
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
epel | 4.3 kB 00:00:00
extras | 2.9 kB 00:00:00
os | 3.6 kB 00:00:00
updates
Reference configuration
%admin ALL=(ALL) /usr/bin/yum install,\
/usr/bin/tail -n 100 /var/log/*,\
/usr/bin/systemctl restart *,\
/usr/bin/journalctl -u *,\
/usr/sbin/logrotate -f /etc/logrotate.d/*,\
/usr/sbin/reboot
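An added example (not from the original article): a small Python check that reads user specs like the two on this page and reports how sudo will match each command's arguments. Per sudoers(5), a bare path accepts any arguments, a literal argument string must match exactly, and `*` or `?` in arguments also match spaces and `/`. The names `classify`, `audit_sudoers` and `PAGE_RULES` are assumptions, and only the plain `who host=(runas) commands` form shown here is handled (no aliases or tags such as NOPASSWD).

```python
import re

# The two rules shown on this page, embedded as sample input.
PAGE_RULES = r"""
%admin ALL=/usr/bin/yum
%admin ALL=(ALL) /usr/bin/yum install,\
/usr/bin/tail -n 100 /var/log/*,\
/usr/bin/systemctl restart *,\
/usr/bin/journalctl -u *,\
/usr/sbin/logrotate -f /etc/logrotate.d/*,\
/usr/sbin/reboot
"""

def classify(cmnd):
    """Return how sudoers matches the arguments of one command entry."""
    path, _, args = cmnd.strip().partition(" ")
    args = args.strip()
    if path == "ALL":
        return "any-command"      # every command is permitted
    if not args:
        return "any-args"         # bare path: the caller may pass any arguments
    if args == '""':
        return "no-args"          # "" means the command must run without arguments
    if re.search(r"(?<!\\)[*?\[]", args):
        return "wildcard-args"    # * and ? also match spaces and '/' in arguments
    return "exact-args"           # arguments must equal this string exactly

def audit_sudoers(text):
    """Return (principal, run_as, command, classification) for each entry."""
    text = re.sub(r"\\\n\s*", "", text)   # join backslash-continued lines
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue
        left, sep, right = line.partition("=")
        if not sep:
            continue
        m = re.match(r"\s*\(([^)]*)\)\s*(.*)", right)
        run_as, cmnds = (m.group(1), m.group(2)) if m else ("root", right)
        for cmnd in re.split(r"(?<!\\),", cmnds):   # commas separate commands
            findings.append((left.split()[0], run_as, cmnd.strip(), classify(cmnd)))
    return findings

if __name__ == "__main__":
    for row in audit_sudoers(PAGE_RULES):
        print("%-8s as %-5s %-45s %s" % row)
```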
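Copyright notice: unless otherwise noted, all articles are original works of 柳三千运维录. When reposting or copying, please credit the source with a hyperlink.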