Shulou(Shulou.com)06/02 Report--

Use / etc/sudoers to set user aliases and command aliases to set permissions and commands for each user type to control user permissions and commands that can be used

Host alias

# Host_Alias FILESERVERS = fs1, fs2

User alias

Group alias

# User_Alias ADMINS = jsmith, mikem# User_alias AdminsGroup=%xbin

Command alias

# Cmnd_Alias SOFTWARE = / bin/rpm, / usr/bin/up2date, / usr/bin/yum

Configuration

User host = (host) command

Root ALL= (ALL) ALL

Sudoers file configuration

[root@xbin-S ~] # grep-v "# #" / etc/sudoers

# Host_Alias FILESERVERS = fs1, fs2# Host_Alias MAILSERVERS = smtp, smtp2# User_Alias ADMINS = jsmith, mikem# Cmnd_Alias NETWORKING = / sbin/route, / sbin/ifconfig, / bin/ping, / sbin/dhclient, / usr/bin/net, / sbin/iptables, / usr/bin/rfcomm, / usr/bin/wvdial, / sbin/iwconfig, / sbin/mii-tool# Cmnd_Alias SOFTWARE = / bin/rpm, / usr/bin/up2date / usr/bin/yum# Cmnd_Alias SERVICES = / sbin/service, / sbin/chkconfig# Cmnd_Alias LOCATE = / usr/bin/updatedb# Cmnd_Alias STORAGE = / sbin/fdisk, / sbin/sfdisk, / sbin/parted, / sbin/partprobe, / bin/mount, / bin/umount# Cmnd_Alias DELEGATING = / usr/sbin/visudo, / bin/chown, / bin/chmod, / bin/chgrp # Cmnd_Alias PROCESSES = / bin/nice, / bin/kill, / usr/bin/kill / usr/bin/killall# Cmnd_Alias DRIVERS = / sbin/modprobe# Defaults specification## Refuse to run if unable to disable echo on the tty.#Defaults! visiblepw## Preserving HOME has security implications since many programs# use it when searching for configuration files. Note that HOME# is already set when the the env_reset option is enabled So# this option is only effective for configurations where either# env_reset is disabled or HOME is present in the env_keep list.#Defaults always_set_homeDefaults env_resetDefaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS" Defaults env_keep + = "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE" Defaults env_keep + = "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES" Defaults env_keep + = "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE" Defaults env_keep + = "LC_TIME LC_ALL LANGUAGE LINGUAS _ XKB_CHARSET XAUTHORITY" # # Adding HOME to env_keep may enable a user to run unrestricted# commands via sudo.## Defaults env_keep + = "HOME" Defaults secure_path = / sbin:/bin:/usr/sbin:/usr/binroot ALL= (ALL) ALLxbin ALL= (ALL) ALL#% sys ALL= NETWORKING SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS#% wheel ALL= (ALL) ALL#% wheel ALL= (ALL) NOPASSWD: ALL#% users ALL=/sbin/mount / mnt/cdrom, / sbin/umount / mnt/cdrom#% users localhost=/sbin/shutdown-h now#includedir / etc/sudoers.dDefaults logfile=/var/log/sudo.log

Actual combat command

Set up users in batch

For user in chuji001 chuji002 chuji003 net001 senior001 manager001do useradd $user echo "111111" | passwd-stdin $userdonefor n in `seq 5`do useradd-g phpers php00 $n echo "111111" | passwd-stdin php00 $ndonefor user in kaifamanager001 seniorphpersdo useradd $user echo "111111" | passwd-stdin $userdonesudoers configuration file Cmnd_Alias CY_CMD_1 = / usr/bin/free, / usr/bin/iostat, / usr/bin/top, / bin/hostname, / sbin/ifconfig,/bin/netstat / sbin/routeCmnd_Alias GY_CMD_1 = / usr/bin/free, / usr/bin/iostat, / usr/bin/top, / bin/hostname, / sbin/ifconfig,/bin/netstat, / sbin/route, / sbin/iptables, / etc/init.d/network, / bin/nice, / bin/kill/, / usr/bin/kill,/usr/bin/killall, / bin/rpm, / usr/bin/up2data, / user/bin/yum, / sbin/fdisk / sbin/parted, / sbin/partprobe, / bin/mount, / bin/umountCmnd_Alias CK_CMD_1 = / usr/bin/tail / app/log*, / bin/grep / app/log*, / bin/cat, / bin/lsCmnd_Alias GK_CMD_1 = / sbin/service, / sbin/chkconfig, / bin/tail / app/log*, / bin/grep / app/log*, / bin/cat, / bin/ls / bin/sh ~ / scripts/deploy.shCmnd_Alias GW_CMD_1 = / sbin/route, / sbin/ifconfig, / bin/ping, / sbin/dhclient, / usr/bin/net / sbin/iptables, / usr/bin/rfcomm, / usr/bin/wvdial, / sbin/iwconfig, / sbin/mii-tool, / bin/cat / var/log/*User_Alias CHUJIADMINS = chuji001, chuji002 Chuji003User_Alias GWNETADMINS = net001User_Alias CHUJI_KAIFA =% phpersRunas_Alias OP = rootsenior001 ALL= (OP) GY_CMD_1manager001 ALL= (ALL) NOPASSWD:ALLkaifamanager001 ALL= (ALL) ALL, / usr/bin/passwd [A-Za-z] *,! / usr/bin/passwd root,! / usr/sbin/visudo ~ / usr/bin/vi * sudoer*seniorphpers ALL= (OP) GK_CMD_1CHUJIADMINS ALL= (OP) CY_CMD_1GWNETADMINS ALL= (OP) GW_CMD_1CHUJI_KAIFA ALL= (OP) CK_CMD_1

Create 20 users in batch and set the password to 5 random digits

[root@xbin-S ~] # cat test5.sh

#! / bin/bashexport PTAH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/binfor n in `seq 20`do useradd user$n echo "user$ n`echo user$n | md5sum | cut-C1-5`" | passwd-- stdin user$n echo "user$n:user$ n`echo user$n | md5sum | cut-C1-5`" > / tmp/user_passwd.txt # echo "user$ n`echo user$n | md5sum | cut-C1-5`" done

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.