Configuring sudo Privilege Elevation for Regular Users on Linux
Time: 2023-09-14 09:09:23
I. Check the local system version
Check the operating system version of the local environment; this walkthrough uses CentOS 7.6.
[root@docker ~]# cat /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
II. Create the regular user redhat
1. Create the redhat user
[root@docker ~]# useradd redhat
2. Set a password for the redhat user
[root@docker ~]# passwd redhat
Changing password for user redhat.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
3. Look up the absolute paths of the user-management commands
[root@docker ~]# which useradd
/usr/sbin/useradd
[root@docker ~]# which passwd
/usr/bin/passwd
[root@docker ~]# which userdel
/usr/sbin/userdel
III. Edit the /etc/sudoers file
[root@docker ~]# vim /etc/sudoers
[root@docker ~]# grep redhat /etc/sudoers
redhat ALL=(ALL) /usr/sbin/useradd,/usr/bin/passwd,/usr/sbin/userdel
IV. Verify the redhat user's privileges
1. Switch to the redhat user
[root@docker ~]# su - redhat
[redhat@docker ~]$
2. Create the huawei account
[redhat@docker ~]$ sudo useradd huawei
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for redhat:
3. Check the newly created user
[redhat@docker ~]$ id huawei
uid=1002(huawei) gid=1002(huawei) groups=1002(huawei)
4. Set a password for the huawei account
[redhat@docker ~]$ sudo passwd huawei
Changing password for user huawei.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
5. Delete the huawei account
[redhat@docker ~]$ sudo userdel huawei
[redhat@docker ~]$ id huawei
id: huawei: no such user
V. Grant privileges to multiple users
1. Define aliases
[root@docker ~]# grep -Evn '^#|^$|^##' /etc/sudoers
22:User_Alias ADMINS = zhangsan, lisi
30:Cmnd_Alias USERTEST = /usr/sbin/useradd, /usr/bin/passwd, /usr/sbin/userdel
59:Defaults !visiblepw
68:Defaults always_set_home
69:Defaults match_group_by_gid
77:Defaults always_query_group_plugin
79:Defaults env_reset
80:Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
81:Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
82:Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
83:Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
84:Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
92:Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
104:root ALL=(ALL) ALL
105:redhat ALL=(ALL) /usr/sbin/useradd,/usr/bin/passwd,/usr/sbin/userdel
112:%wheel ALL=(ALL) ALL
2. Configure the sudo grant
[root@docker ~]# grep ADMINS /etc/sudoers
# User_Alias ADMINS = jsmith, mikem
User_Alias ADMINS = zhangsan, lisi
ADMINS ALL=(ALL) USERTEST
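The rules in sections III and V list each command as a bare path, and in sudoers a bare path permits any arguments, so the `/usr/bin/passwd` grant also covers the root account. The script below is an added example, not part of the original article: it flags such unrestricted grants in sudoers text, expanding Cmnd_Alias names. The watch list, the sample rule sets and the function name `audit_sudoers` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): flag sudoers rules that grant a
# watched binary as a bare path. A bare path in sudoers permits ANY arguments.

# Assumption: watch list = the three commands delegated on this page.
WATCH="/usr/bin/passwd /usr/sbin/useradd /usr/sbin/userdel"

# Constructed sample: the rules shown on the page.
PAGE_RULES='Cmnd_Alias USERTEST = /usr/sbin/useradd, /usr/bin/passwd, /usr/sbin/userdel
root ALL=(ALL) ALL
redhat ALL=(ALL) /usr/sbin/useradd,/usr/bin/passwd,/usr/sbin/userdel
ADMINS ALL=(ALL) USERTEST'

# Constructed sample: passwd limited to named accounts and never root
# (modelled on the passwd example in the sudoers(5) manual).
TIGHT_RULES='redhat ALL=(ALL) /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root'

# audit_sudoers: sudoers text on stdin -> "principal command" per finding.
# Limitation: one pass, so a Cmnd_Alias must appear before the rule using it.
audit_sudoers() {
  awk -v watch="$WATCH" '
    BEGIN { n = split(watch, w, " "); for (i = 1; i <= n; i++) sens[w[i]] = 1 }
    /^[ \t]*#/ || /^[ \t]*$/ || /^Defaults/ { next }
    /^(User|Host|Runas)_Alias/ { next }
    /^Cmnd_Alias/ {
      name = $2                                # Cmnd_Alias NAME = cmd, cmd
      body = $0; sub(/^[^=]*=[ \t]*/, "", body)
      alias[name] = body; next
    }
    {
      who = $1; cmds = $0                      # WHO HOST=(RUNAS) cmd, cmd
      sub(/^[^=]*=[ \t]*(\([^)]*\))?[ \t]*/, "", cmds)
      m = split(cmds, c, /[ \t]*,[ \t]*/); all = ""
      for (i = 1; i <= m; i++)                 # expand command aliases
        all = all (i > 1 ? "," : "") ((c[i] in alias) ? alias[c[i]] : c[i])
      m = split(all, c, /[ \t]*,[ \t]*/)
      for (i = 1; i <= m; i++) {
        sub(/^([A-Z]+:[ \t]*)+/, "", c[i])     # drop tags such as NOPASSWD:
        sub(/[ \t]+$/, "", c[i])
        if (c[i] in sens) print who, c[i]      # exact path = no arg limits
      }
    }'
}

printf '%s\n' "$PAGE_RULES"  | audit_sudoers   # six findings
printf '%s\n' "$TIGHT_RULES" | audit_sudoers   # no findings
```

useradd and userdel would still be reported until they are given explicit argument patterns. Running `visudo -c` after any edit confirms that the file still parses.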
VI. Test the multi-user grant
1. Create the user zhangsan
[root@docker ~]# useradd zhangsan
[root@docker ~]# passwd zhangsan
Changing password for user zhangsan.
New password:
BAD PASSWORD: The password contains the user name in some form
Retype new password:
passwd: all authentication tokens updated successfully.
2. Switch to the zhangsan user
[root@docker ~]# su - zhangsan
3. Create the lisi user and set its password
[zhangsan@docker ~]$ sudo useradd lisi
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for zhangsan:
[zhangsan@docker ~]$ sudo passwd lisi
Changing password for user lisi.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
4. Switch to the lisi user
[zhangsan@docker ~]$ su - lisi
Password:
[lisi@docker ~]$ id lisi
uid=1003(lisi) gid=1003(lisi) groups=1003(lisi)
5. Test the lisi user's privileges
[lisi@docker ~]$ sudo useradd user
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for lisi:
[lisi@docker ~]$ sudo passwd user
Changing password for user user.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
[lisi@docker ~]$ id user
uid=1004(user) gid=1004(user) groups=1004(user)
[lisi@docker ~]$ sudo userdel user
[lisi@docker ~]$ id user
id: user: no such user