环境基本配置如下:
|
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 |
[root@byrd ~]# groupadd sa -g 9087 #建立一个组sa,且组ID为9087 [root@byrd ~]# tail -1 /etc/group sa:x:9087: [root@byrd ~]# useradd leo #建立用户leo [root@byrd ~]# useradd maya [root@byrd ~]# useradd zuma [root@byrd ~]# tail -4 /etc/passwd ett:x:503:504::/home/ett:/bin/bash leo:x:504:9088::/home/leo:/bin/bash maya:x:505:505::/home/maya:/bin/bash zuma:x:506:506::/home/zuma:/bin/bash [root@byrd ~]# passwd ett #设置ett密码 Changing password for user ett. New password: BAD PASSWORD: it is based on a dictionary word Retype new password: passwd: all authentication tokens updated successfully. [root@byrd ~]# passwd leo Changing password for user leo. New password: BAD PASSWORD: it is based on a dictionary word Retype new password: passwd: all authentication tokens updated successfully. [root@byrd ~]# passwd maya Changing password for user maya. New password: BAD PASSWORD: it is based on a dictionary word Retype new password: passwd: all authentication tokens updated successfully. [root@byrd ~]# passwd zuma Changing password for user zuma. New password: BAD PASSWORD: it is based on a dictionary word Retype new password: passwd: all authentication tokens updated successfully. |
用户别名下增加:
|
0 1 2 3 4 5 6 7 8 9 |
[root@byrd ~]# visudo ## User Aliases # User_Alias ADMINS = jsmith, mikem User_Alias ADMIN = byrd, ett, %sa #管理组,用户包括byrd,ett,和所有sa组成员 User_Alias NETWORKER = leo, maya #网络工程师组 User_Alias USERADMINS = zuma #用户管理组 [root@byrd ~]# visudo visudo: Warning: unused User_Alias ADMIN visudo: Warning: unused User_Alias NETWORKER visudo: Warning: unused User_Alias USERADMINS |
命令别名增加:
|
0 1 2 3 4 5 6 7 8 9 10 |
[root@byrd ~]# visudo Cmnd_Alias USERCMD = /usr/sbin/useradd, /usr/sbin/userdel, /usr/bin/passwd [A-Za-z]* #用户命令 Cmnd_Alias DISKCMD = /sbin/fdisk, /sbin/parted #硬盘管理命令 Cmnd_Alias NETWORKOP = /sbin/ifconfig, /etc/inin.d/network #网络维护命令 [root@byrd ~]# visudo visudo: Warning: unused User_Alias ADMIN visudo: Warning: unused Cmnd_Alias DISKCMD visudo: Warning: unused User_Alias NETWORKER visudo: Warning: unused Cmnd_Alias NETWORKOP visudo: Warning: unused User_Alias USERADMINS visudo: Warning: unused Cmnd_Alias USERCMD |
匹配配置:
|
0 1 2 3 4 5 6 |
[root@byrd ~]# visudo ## Allow root to run any commands anywhere root ALL=(ALL) ALL byrd ALL=(ALL) NETWORKOP, USERCMD, DISKCMD #byrd用户拥有NETWORKOP,USERCMD,DISKCMD权限 ADMIN ALL=(ALL) ALL #ADMIN组拥有所有权限 NETWORKER ALL=(ALL) NETWORKOP #网络工程师组用户网络维护命令 USERADMINS ALL=(ALL) USERCMD #用户管理组用户用户命令 |
测试下效果:
|
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 |
[root@byrd ~]# su - ett #ADMIN组,拥有所有权限 [ett@byrd ~]$ /etc/init.d/network restart [ett@byrd ~]$ sudo /etc/init.d/network restart We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. [sudo] password for ett: Shutting down interface eth0: [ OK ] Shutting down loopback interface: [ OK ] Bringing up loopback interface: [ OK ] Bringing up interface eth0: [ OK ] [ett@byrd ~]$ useradd kkkk -bash: /usr/sbin/useradd: Permission denied [ett@byrd ~]$ sudo useradd kkkk [ett@byrd ~]$ sudo su - [root@byrd ~]# exit logout [ett@byrd ~]$ su - maya #网络工程师组 Password: [maya@byrd ~]$ whoami maya [maya@byrd ~]$ sudo useradd lllll #没有建立用户权限 We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. [sudo] password for maya: Sorry, user maya is not allowed to execute '/usr/sbin/useradd lllll' as root on byrd. [maya@byrd ~]$ sudo /etc/init.d/network restart #有NETWORKOP权限 [sudo] password for maya: Shutting down interface eth0: [ OK ] Shutting down loopback interface: [ OK ] Bringing up loopback interface: [ OK ] Bringing up interface eth0: [ OK ] [maya@byrd ~]$ su - zuma #zuma用户修改用户密码建立用户等权限 Password: [zuma@byrd ~]$ sudo /etc/init.d/network restart #没有网络管理命令权限 We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. [sudo] password for zuma: Sorry, user zuma is not allowed to execute '/etc/init.d/network restart' as root on byrd. [zuma@byrd ~]$ useradd lllll -bash: /usr/sbin/useradd: Permission denied [zuma@byrd ~]$ sudo useradd lllll #用户用户管理权限 [sudo] password for zuma: [zuma@byrd ~]$ tail -1 /etc/passwd lllll:x:508:508::/home/lllll:/bin/bash [zuma@byrd ~]$ passwd ett passwd: Only root can specify a user name. [zuma@byrd ~]$ sudo passwd ett [sudo] password for zuma: Changing password for user ett. New password: BAD PASSWORD: it is too simplistic/systematic BAD PASSWORD: is too simple Retype new password: passwd: all authentication tokens updated successfully. [zuma@byrd ~]$ |
增加用户组:
|
0 1 2 3 4 5 |
[root@byrd ~]# useradd hello -g sa #新增加用户,且主组为sa [root@byrd ~]# id hello uid=510(hello) gid=9087(sa) groups=9087(sa) [root@byrd ~]# useradd hanxiaoer -G sa 增加用户hanxiaoer,且主组为hanxiaoer,从组为sa [root@byrd ~]# id hanxiaoer uid=511(hanxiaoer) gid=511(hanxiaoer) groups=511(hanxiaoer),9087(sa) |
用户组测试
|
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
[root@byrd ~]# su - hanxiaoer [hanxiaoer@byrd ~]$ sudo useradd luyt [sudo] password for hanxiaoer: [hanxiaoer@byrd ~]$ sudo tail -1 /etc/passwd luyt:x:512:512::/home/luyt:/bin/bash [hanxiaoer@byrd ~]$ sudo passwd luyt Changing password for user luyt. New password: BAD PASSWORD: it is based on a dictionary word Retype new password: passwd: all authentication tokens updated successfully. [hanxiaoer@byrd ~]$ su - luyt Password: [luyt@byrd ~]$ whoami luyt [luyt@byrd ~]$ |
其他权限没有测试:
|
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 |
[root@byrd ~]# su - byrd [byrd@byrd ~]$ sudo -l User byrd may run the following commands on this host: (ALL) /sbin/ifconfig, /etc/init.d/network, (ALL) /usr/sbin/useradd, /usr/sbin/userdel, /usr/bin/passwd [A-Za-z]*, /bin/chown, /bin/chmod, (ALL) /sbin/fdisk, /sbin/parted (ALL) ALL [byrd@byrd ~]$ whoami byrd [byrd@byrd ~]$ su - ett Password: [ett@byrd ~]$ whoami ett [ett@byrd ~]$ sudo -l [sudo] password for ett: User ett may run the following commands on this host: (ALL) ALL [ett@byrd ~]$ su - maya Password: [maya@byrd ~]$ whoami maya [maya@byrd ~]$ sudo -l [sudo] password for maya: User maya may run the following commands on this host: (ALL) /sbin/ifconfig, /etc/init.d/network [maya@byrd ~]$ su - hanxiaoer Password: [hanxiaoer@byrd ~]$ whoami hanxiaoer [hanxiaoer@byrd ~]$ sudo -l [sudo] password for hanxiaoer: User hanxiaoer may run the following commands on this host: (ALL) ALL [hanxiaoer@byrd ~]$ |
申明:本文由BYRD原创(基于Centos6.4 X64),未经许可禁止转载!文 章 源 自 note.t4x.orgByrd's Blog-https://note.t4x.org/system/visudo-alias-config/ 文 章 源 自 note.t4x.orgByrd's Blog-https://note.t4x.org/system/visudo-alias-config/
申明:除非注明Byrd's Blog内容均为原创,未经许可禁止转载!详情请阅读版权申明!
