这个问题是我在用普通用户安装软件包时遇到的。这里分享一下。
[fenghx@localhost ~]$ sudo yum install freetds
我们信任您已经从系统管理员那里了解了日常注意事项。
总结起来无外乎这三点:
#1) 尊重别人的隐私。
#2) 输入前要先考虑(后果和风险)。
#3) 权力越大,责任越大。
[sudo] fenghx 的密码:
fenghx 不在 sudoers 文件中。此事将被报告。
[fenghx@localhost ~]$
fenghx是我新建的一个系统用户,当用fenghx用户登陆系统后,使用 sudo 安装 freetds 时,提示:fenghx 不在 sudoers 文件中。此事将被报告。
Linux系统上安装软件需要使用root权限,普通用户要想安装软件需要提升自己的权限,此时需要使用sudo命令,能使用这个命令的用户必须在sudo用户列表中,即sudoers系统配置文件中。所以需要将 fenghx 用户配置到sudoers系统配置文件中。
命令:su - root
[fenghx@localhost ~]$ su - root
密码:
上一次登录:五 2月 10 09:27:10 CST 2023从 xxx.xxx.xxx.xxxpts/0 上
Welcome to BigCloud Enterprise Linux 7 (GNU/Linux 3.10.0-1127.19.1.el7.x86_64 x86_64)
System information as of Fri Feb 10 09:56:52 CST 2023
* System CPU load: 0.25 0.12 0.08 * System uptime: 09:56:52 up 2 days
* Active sessions: 3 * Memory usage: 2127 / 7990 MB
* Processes count: 399
* Get Support :
* Ask Questions:
http://forum.bclinux.org
* Contact US :
MAIL : [email protected] / TEL : 4001-10086-5
58 packages can be updated.
0 updates are security updates.
type 'yum check-update --security' to see details.
[root@localhost ~]#
命令:vim /etc/sudoers
[root@localhost ~]# vim /etc/sudoers
打开文件如下所示:
# Adding HOME to env_keep may enable a user to run unrestricted
# commands via sudo.
#
# Defaults env_keep += "HOME"
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
## Next comes the main part: which users can run what software on
## which machines (the sudoers file can be shared between multiple
## systems).
## Syntax:
##
## user MACHINE=COMMANDS
##
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
## Allows members of the users group to mount and unmount the
## cdrom as root
# %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
## Allows members of the users group to shutdown this system
# %users localhost=/sbin/shutdown -h now
## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d
-- 插入 -- W10: 警告: 正在修改一个只读文件
当我准备修改文件配置的时候,进入编辑状态时,最下面命令栏提示:W10:警告:正在修改一个只读文件,也就是说当前的这个系统配置文件没有写的权限。那么就需要修改文件权限再编辑。
命令:chmod u+w /etc/sudoers #其中 u+w的意思是:给当前用户添加写操作权限,即给root用户添加修改sudoers文件的权限。
[root@localhost ~]# ls -al /etc/sudoers
-r--r-----. 1 root root 4328 11月 28 2019 /etc/sudoers
[root@localhost ~]# chmod u+w /etc/sudoers
[root@localhost ~]# ls -al /etc/sudoers
-rw-r-----. 1 root root 4328 11月 28 2019 /etc/sudoers
[root@localhost ~]# vim /etc/sudoers
上面先查看了 sudoers 文件的权限,发现只有读的权限,于是用 chmod 命令添加了写的权限,然后打开文件编辑如下,此时就不会提示上面只读文件的警告了。
## Next comes the main part: which users can run what software on
## which machines (the sudoers file can be shared between multiple
## systems).
## Syntax:
##
## user MACHINE=COMMANDS
##
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
fenghx ALL=(ALL) ALL
## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
## Allows members of the users group to mount and unmount the
## cdrom as root
# %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
## Allows members of the users group to shutdown this system
# %users localhost=/sbin/shutdown -h now
## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
-- 插入 --
在 ## Allow root to run any commands anywhere 提示信息的下面的 root行 之后添加你要执行sudo命令的用户,其它和root行内容一样即可,注意:列于列之间用 tab 符分割
保存文件后退出,然后我们用普通用户先来执行关闭防火墙的命令,看能否成功。
[root@localhost ~]# su - fenghx
上一次登录:五 2月 10 13:48:13 CST 2023pts/0 上
[fenghx@localhost ~]$ sudo systemctl stop firewalld
[sudo] fenghx 的密码:
[fenghx@localhost ~]$ sudo firewall-cmd --state
not running
[fenghx@localhost ~]$
以上命令中,先从root用户切换到普通用户fenghx,然后用sudo命令关闭防火墙,发现可以执行,并且没有提示“fenghx 不在 sudoers 文件中。此事将被报告。”的告警信息。并且通过查看防火墙状态,发现确实关闭了,到这里就说明我们已经将普通用户添加到了sudo列表中,可以正常的使用sudo命令来临时提升自己的权限。
验证完之后我们需要重启防火墙。并修改系统配置文件 sudoers 为只读的权限。
[fenghx@localhost ~]$ sudo systemctl start firewalld
[fenghx@localhost ~]$ sudo firewall-cmd --state
running
[fenghx@localhost ~]$ sudo chmod u-w /etc/sudoers
[fenghx@localhost ~]$ sudo ls -al /etc/sudoers
-r--r-----. 1 root root 4350 2月 10 13:51 /etc/sudoers
[fenghx@localhost ~]$
接着在 fenghx 普通用户下,使用 sudo 命令安装软件的时候就可以安装了。