Shulou(Shulou.com)06/01 Report--

This article mainly introduces the example analysis of user rights delegation configuration under Centos. The article is very detailed and has a certain reference value. Interested friends must read it!

Introduction to user Rights delegation configuration under Centos (Linux)

When it comes to authority delegation, it is very important for the normal operation of a service, and it is often said in enterprises that the greater the authority, the greater the responsibility, and of course, the harm is the greatest. When comparing permissions, misoperation will cause catastrophic damage to the application, so you should be absolutely careful in the allocation of permissions. Of course, in general, in large enterprises, the allocation of permissions is very detailed. The same service will be divided into different operation permissions, so it is relatively safe. In this way, if something goes wrong, we can directly find out the corresponding responsible person. Today, we will introduce the delegation of user rights under Centos. First of all, we all know that the largest permission account under Centos (Linux) is root, similar to administrator in windows, which belongs to the global administrator and has full permission to operate the service. My environment is like this, individuals habitually use root permissions for service operations, due to the recent audit, the person in charge changed the password of root and created a new ordinary user, but after using ordinary users to log in, they cannot save after modifying the service, so summarize the above environmental problems and share them with children's shoes in need.

In fact, there are many ways to assign access control: today we will introduce two.

1. Add root permissions to new users

two。 Delegate sudo permissions to new users

We created a new user in the environment with the following command

Adduser gavin-- > add user gavinpass gavin-- > set New password for gavin user xxxxxxx-> enter Custom New password xxxxxxx-- > enter confirm Custom New password

Then we use the gavin user to log in and modify the hosts file

Vim / etc/hosts

After modification, save prompts that the user's action is only a readonly operation

Vim / etc/passwd

Modify the id value of a new user gavin user

Note: we can see the first line, the id of root is 0

Just change the id of the user gavin to 0

In this way, regardless of the use of root or the newly added user gavin, the root information will be displayed after login, which is root permission.

Method 2: delegate sudo permissions to new users

Vim / etc/sudoers

Find the # # Allow root to run any command anywhere line, and then you will have information about root ALL= (ALL) ALL

Add a row

Gavin ALL= (ALL) ALL

Just save and exit in this way.

Then when ordinary users make changes to the service, they must use sudo + vim to modify them.

Note: if the user name does not have superuser privileges, when entering the sudo + command, the system prompts:

. The code is as follows:

Gavin is not in the sudoers file. This incident will be reported.

Solution: 1. Enter superuser mode. That is, enter "su", the system will ask you to enter the super user password, enter the password to enter the superuser mode.

two。 Add write permissions for the file.

. The code is as follows:

U here refers to the file owner + w to add writeable permissions chmod Ubunx means that only the current user has writeable permissions UBWUBW / etc/sudoers

In this way, sudo vim / etc/hosts will have permission to operate the user service.

4. Revoke write permissions for the file.

. The code is as follows:

Chmod Umurw / etc/sudoers above are all the contents of this article entitled "sample Analysis of user Rights delegation configuration under Centos". Thank you for reading! Hope to share the content to help you, more related knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.