一 sudo权限
root把本来只能超级用户执行的命令赋予普通用户执行。
sudo的操作对象是系统命令。
二 sudo使用
visudo
实际修改的是/etc/sudoers文件
root ALL=(ALL) ALL
用户名 被管理主机的地址=(可使用的身份) 授权命令(绝对路径)
%wheel ALL=(ALL) ALL
%组名 被管理主机的地址=(可使用的身份) 授权命令(绝对路径)
sudo -l
查看可用的sudo命令
sudo /sbin/shutdown -r now
普通用户执行sudo赋予的权限
三 授权普通用户可以重启服务器
1、root用户操作
visudo
lw ALL=(ALL) /sbin/shutdown -r now
2、lw用户操作
[lw@localhost av]$ sudo -l
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for lw:
Matching Defaults entries for lw on this host:
requiretty, !visiblepw, always_set_home, env_reset, env_keep="COLORS DISPLAY HOSTNAME
HISTSIZE INPUTRC KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG
LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT
LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE",
env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY",
secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
User lw may run the following commands on this host:
(ALL) /sbin/shutdown -r now
[lw@localhost av]$ sudo /sbin/shutdown -r now
PolicyKit daemon disconnected from the bus.
We are no longer a registered authentication agent.