1 Requirement
Authorize an ordinary user to add other users.
2 Practice
Operations as the root user
visudo
lw ALL=/usr/sbin/useradd
lw ALL=/usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd "", !/usr/bin/passwd root
Operations as user lw
[lw@localhost ~]$ sudo /usr/sbin/useradd user4
[sudo] password for lw:
[lw@localhost ~]$ cat /etc/passwd |grep user4
user4:x:1005:1010::/home/user4:/bin/bash
[lw@localhost ~]$ sudo -l
Matching Defaults entries for lw on this host:
requiretty, !visiblepw, always_set_home, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR
LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION
LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME
LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
User lw may run the following commands on this host:
(ALL) /sbin/shutdown -r now
(root) /usr/sbin/useradd
(root) /usr/bin/passwd
[lw@localhost ~]$ sudo /usr/bin/passwd user4
Changing password for user user4.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
[lw@localhost ~]$ sudo /usr/bin/passwd root
[sudo] password for lw:
Sorry, user lw is not allowed to execute '/usr/bin/passwd root' as root on localhost.localdomain.
[lw@localhost ~]$
[lw@localhost ~]$ sudo /usr/bin/passwd
[sudo] password for lw:
Sorry, user lw is not allowed to execute '/usr/bin/passwd' as root on localhost.localdomain.
[lw@localhost ~]$ vi /etc/shadow
[lw@localhost ~]$ ll /etc/shadow
----------. 1 root root 1699 Aug 5 15:34 /etc/shadow
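
The shell function below is an added example, not part of the original page. It models how sudo evaluates the three passwd entries granted to lw, assuming sudo matches the space-joined argument string against each entry's glob and lets the last matching entry win. The name check_passwd_rule and the sample argument lists are constructed for illustration.

```shell
#!/bin/sh
# Added example: model of the sudoers line
#   lw ALL=/usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd "", !/usr/bin/passwd root
# Assumption: the arguments are joined with single spaces and compared to each
# entry in order; the last entry that matches decides the result.

# check_passwd_rule ARGS...  -> prints "allow" or "deny"
check_passwd_rule() {
    args="$*"        # the argument list as one space-joined string
    verdict=deny     # no matching entry means the command is not permitted

    # Entry 1: /usr/bin/passwd [A-Za-z]*
    # First character must be a letter; * matches the rest, spaces included.
    case "$args" in
        [A-Za-z]*) verdict=allow ;;
    esac

    # Entry 2: !/usr/bin/passwd ""  ("" matches only an empty argument list)
    if [ -z "$args" ]; then
        verdict=deny
    fi

    # Entry 3: !/usr/bin/passwd root  (literal string, exact match only)
    if [ "$args" = "root" ]; then
        verdict=deny
    fi

    printf '%s\n' "$verdict"
}

# Constructed samples. The first three repeat the commands in the session
# above; the last two are extra cases for checking the rule.
for sample in "user4" "root" "" "-l user4" "user4 extra"; do
    # $sample is left unquoted on purpose so it splits into separate arguments.
    printf '%-20s -> %s\n' "passwd $sample" "$(check_passwd_rule $sample)"
done
```

The last sample is allowed because * in a sudoers argument pattern also matches spaces, so the two ! entries exclude only the exact argument strings they spell out.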