SUDO 操作详解

 

 

sudo

 

install

[root@aa-test-02 ~]# yum install sudo

 

edit configure files

[root@aa-test-02 sudoers.d]# visudo -f /etc/sudoers

[root@aa-test-02 sudoers.d]# cat /etc/sudoers

[root@aa-test-02 sudoers.d]# cat /etc/sudoers

henry.hu ALL=(ALL) NOPASSWD: ALL, !/bin/su

 

need to password

[root@aa-test-02 sudoers.d]# cat /etc/sudoers

 

### This file is Puppet Managed !!!

### Pls don't edit here

 

## User Aliases

## These aren't often necessary, as you can use regular groups

## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname

## rather than USERALIAS

User_Alias PUPPETADMINS = henry.hu, dante.zhou, hntcnadmin

 

## Command Aliases

## These are groups of related commands...

 

## Networking

Cmnd_Alias NETWORKING = /sbin/route *, /sbin/ifup *, /sbin/ifdown *, /sbin/ifconfig *, /bin/ping *, /sbin/dhclient *, /usr/bin/net *, /sbin/iptables *, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool

 

## Installation and management of software

# Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum

 

## Services

Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig

 

## Updating the locate database

# Cmnd_Alias LOCATE = /usr/bin/updatedb

 

## Storage

Cmnd_Alias STORAGE = /sbin/fdisk *, /sbin/cfdisk *, /sbin/sfdisk *, /sbin/parted *, /sbin/partprobe, /bin/mount *, /bin/umount

 

## Delegating permissions

# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp

 

## Processes

Cmnd_Alias PROCESSES = /bin/nice *, /bin/kill *, /usr/bin/kill *, /usr/bin/killall

 

## Drivers

# Cmnd_Alias DRIVERS = /sbin/modprobe

 

## Puppet CMDs

Cmnd_Alias PUPPETCMD = /usr/bin/puppet agent *,/usr/bin/puppet node *, /usr/bin/puppet cert *, /usr/bin/puppet clean *, /usr/bin/facter, /usr/bin/vim /etc/puppet/modules/*, /usr/bin/tail -f /var/log/*, /usr/bin/tail /var/log/*

 

## User-Group to CMD

PUPPETADMINS ALL = NETWORKING, STORAGE, PROCESSES, PUPPETCMD, SERVICES

#

 

[root@aa-test-02 sudoers.d]#