[oldboy@oldboyedu ~]$ ls /root
ls: cannot open directory /root: Permission denied
完成上面的動(dòng)作。
給oldboy用戶萝风,針對(duì)ls設(shè)置權(quán)限。
visudo進(jìn)入編輯狀態(tài),100G
## Allow root to run any commands anywhere
root? ? ALL=(ALL)? ? ? ALL
oldboy? ALL=(ALL)? ? ? /usr/bin/ls,/bin/cp? #<===增加一行
用戶? ? ? ? 主機(jī)=(角色)? ? ? 命令
注意:
1、路徑要全路徑:
which cp查
2荞膘、不要vim /etc/sudoers編輯贸弥,如果非要用編輯完visudo -c檢查語(yǔ)法
oldboy是管理員禁荒,并且不要密碼:
oldboy? ALL=(ALL)? ? ? NOPASSWD: ALL
登錄后切到root運(yùn)行叉抡。
[oldboy@oldboyedu ~]$ sudo su - root
Last login: Tue Mar 26 10:32:57 CST 2019 on pts/3
[root@oldboyedu ~]#
為了安全禁止root遠(yuǎn)程連接linux尔崔。
工作中如何登錄?使用普通用戶登錄然后利用sudo提權(quán)到root褥民。
Wecomle to oldboy training 58期季春。
[oldboy@oldboyedu ~]$ whoami
oldboy
[oldboy@oldboyedu ~]$ sudo ls /root
a.txt? c.txt? data1? etc? ? ? oldboy ? ? oldboy_b ? ? oldboy_soft_link? pass? test.txt ? user.log
b.txt? d? ? ? d.txt? grep.txt? oldboy_1.txt? oldboyedu.txt? oldboy.txt ? ? ? test? test.txt.ori
[oldboy@oldboyedu ~]$
[oldboy@oldboyedu ~]$ sudo su -
Last login: Tue Mar 26 11:42:09 CST 2019 on pts/0
[root@oldboyedu ~]#
[root@oldboyedu ~]# su - oldboy
Last login: Tue Mar 26 10:44:08 CST 2019 on pts/3
[oldboy@oldboyedu ~]$ ls /root
ls: cannot open directory /root: Permission denied
[oldboy@oldboyedu ~]$ sudo -l
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
? ? #1) Respect the privacy of others.
? ? #2) Think before you type.
? ? #3) With great power comes great responsibility.
[sudo] password for oldboy:
Matching Defaults entries for oldboy on oldboyedu:
User oldboy may run the following commands on oldboyedu:
? ? (ALL) /bin/ls
[oldboy@oldboyedu ~]$ sudo ls /root
a.txt? c.txt? data1? etc? ? ? oldboy ? ? oldboy_b ? ? oldboy_soft_link? pass? test.txt ? user.log
b.txt? d? ? ? d.txt? grep.txt? oldboy_1.txt? oldboyedu.txt? oldboy.txt ? ? ? test? test.txt.ori
[oldboy@oldboyedu ~]$ ls /root
ls: cannot open directory /root: Permission denied
[oldboy@oldboyedu ~]$
3 - 26? ?命令筆記
groupadd 添加用戶組
-g 指定組ID
chage 改變用戶密碼屬性
-l 顯示用戶的密碼信息
- E 修改賬戶過(guò)期時(shí)間
? id 查看用戶身份
? whoami 查看當(dāng)前登錄用戶
? w 查看所有用戶
? last 顯示登錄過(guò)的用戶信息
? lastlog 查看最近登錄過(guò)的報(bào)告
? su 用戶身份切換
? - 攜帶環(huán)境變量登錄
sudo 允許指定用戶執(zhí)行某命令期間擁有root角色權(quán)限
? -l 查看獲得的權(quán)限
? ? visudo 編輯sudo配置文件文件命令
? -l 檢查配置文件語(yǔ)法
