In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-04-06 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >
Share
Shulou(Shulou.com)06/01 Report--
In the linux system, some ordinary users need to use root accounts to perform some operations, but we can't give the root password to ordinary users, so we have sudo.
Sudo can temporarily switch to a specified account to operate.
How to use it:
Sudo [- u user account] commands to be executed. When switching to root, you can execute sudo commands directly.
Sudo-l: lists all commands that can be executed
Conditions of use:
You must execute visudo as root and add users who need to execute sudo commands
When you execute visudo, you actually modify the / etc/sudoers file
Why use visudo instead of vim / etc/sudoers directly? This is the factor visudo can check the syntax after the modification is completed.
Use visudo-c for syntax checking. When there is a syntax error in the sudoers file, all sudo commands cannot be used
Modify the configuration:
[root@web1 ~] # visudo
Root ALL= (ALL) ALL Host_Alias FILESERVERS = fs1,fs2
User role aliases that can be switched-- > Runas_Alias OP = root
Command alias-- > Cmnd_Alias SERVICES = / sbin/service,/sbin/chkconfig
When do I use an alias?
A: when there are generally multiple system users at work and need to classify and manage users at different levels
Actual instance of alias:
Job requirements:
Developer: User_Alias KAIFA_ADMINS = kaifa01,kaifa02
Command permission: KAFACMD
Identity permission: KAIFA_ADMINS
Operation staff: User_Alias OLD_ADMINS = oldboy,oldgirl,%sa
Command permission: USERCMD,NETMAGCMD,CTRLCMD,DISKCMD
Identity permission: OP1
Network engineer: User_Alias OLD_NETADMINS = leo,maya
Command permission: NETMAGCMD
Identity permission: OP2
# user grouping-> people in the same position are put in a group
User_Alias OLD_ADMINS = oldboy,oldgirl,%sa
User_Alias OLD_NETADMINS = leo,maya
User_Alias KAIFA_ADMINS = kaifa01,kaifa02
# similar command grouping
Cmnd_Alias USERCMD = / usr/sbin/useradd,/usr/sbin/userdel,/usr/bin/passwd [A-Za-z] *, / bin/chown,/bin/chmod
Cmnd_Alias DISKCMD = / sbin/fdisk,/sbin/parted
Cmnd_Alias NETMAGCMD = / sbin/ifconfig,/etc/init.d/network
Cmnd_Alias CTRLCMD = / usr/sbin/reboot,/usr/sbin/halt
Cmnd_Alias KAFACMD = / bin/grep,/usr/bin/tail,/bin/cat
# roles
Runas_Alias OP1 = root,oldboy
Runas_Alias OP2 = root,oldgirl
# Licensing
KAIFA_ADMINS ALL= (OP1) KAFACMD
OLD_ADMINS ALL= (OP1) USERCMD,DISKCMD,NETMAGCMD,CTRLCMD
OLD_NETADMINS ALL= (OP2) NETMAGCMD
Sudo audit:
Record only the commands that the user executes when using sudo
You only need to add the following to the / etc/sudoers file to achieve sudo audit
Echo "Defaults logfile=/var/log/sudo.log" > > / etc/sudoers
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.