Shulou(Shulou.com)06/03 Report--

How to achieve the decentralization of users (ordinary users cannot execute some commands because of their permissions, so they need to be authorized by advanced users to execute commands)

1.sudo can delegate some super permissions specifically, and ordinary users do not need to know the root password, so sudo is more secure than su with unrestricted permissions.

2.sudo can delegate some super permissions pertinently, and ordinary users do not need to know the root password, so sudo is more secure than su with unrestricted permissions. The process of executing commands in sudo is that the current user switches to root, and then executes the command as root. When the execution is completed, it is returned to the current user directly, and the premise is that authorization needs to be carried out through the configuration file / etc/sudoers of sudo.

Configuration file syntax and test method

/ etc/sudoers

Visudo

User hostname = (newly executed identity) NOPASSWD: command

Note: NOPASSWD is more convenient and does not require any further operation.

Westos server0.example.com= (root) / usr/sbin/useradd

Westos server0.example.com= (root) NOPASSWD / usr/sbin/useradd

Specific operation: (Xiaobai summary: no need to think, just remember)

1 Open a shell,ctrl+shift+t under the root user, open a new page, and create a user westos

two。 Use the su- command to switch the current user to the ordinary user westos

3. Set up a user le under an ordinary user and find that it cannot be created.

4. View the path of the normal user host name and command

5. Edit visudo under advanced users, in order to achieve decentralization, so that ordinary users can establish users.

Westos server0.example.com= (root) NOPASSWD / usr/sbin/useradd

(7) use sudo call to complete the user establishment of ordinary user westos. Realize the decentralization of users' power.

As shown above, you can try to do other delegated useradd userdel with more practice

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.