[root@localhost Desktop]# cd ~
[root@localhost ~]# visudo (sudo权限修改)
Visudo (按a,i,o进入编辑模式)
(:set nu编号,找到第99行左右)
[root@localhost Desktop]# whereis cat 通过whereis 找到cat命令的路径
Cat:/usr/bin/cat/usr/share/man/man1/cat.1.gz/usr/share/man/man1p/cat.1p.gz
[root@localhost Desktop]# whereis ls寻找命令路径
ls:/usr/bin/ls/usr/share/man/man1/ls.1.gz/usr/share/man/man1p/ls.1p.gz
97 ## Allow root to run any commands anywhere
98 root ALL=(ALL) ALL(能执行所有的命令)
99 lisi李四用户拥有ALL所有地点=(ALL)最高权限访问
/usr/bin/cat,/usr/bin/ls 使用ls及cat命令权限(注意必须是全命令格式)
esc 进入命令模式, :wq! 强制保存并推出.
[root@localhost ~]# su – lisi 变更到用户李四
[lisi@localhost ~]$ cat /etc/shadow 查看shadow的内容
cat: /etc/shadow: Permission denied 不让查看
[lisi@localhost ~]$ sudo cat /etc/shadow 由于设置过visudo 李四的cat
权限,所以使用sudo cat /etc/shadow 命令,输入密码就可以查看了
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for lisi: 输入李四密码
root:$6$LUHZo5fyQvu7wIIT$THPpSKpmp1ojH7gPmXdc1ZOiwuz3TMa1Zj8t7HT2VlFoGAo4di3O1aBiSXTs/e0aO9YnxV1n9NhpCmpegkBQs0:17847:0:99999:7::(sudo命令授权李四可以查看、shadow文档的内容):
bin:*:16141:0:99999:7:::
daemon:*:16141:0:99999:7:::
adm:*:16141:0:99999:7:::
lp:*:16141:0:99999:7:::
sync:*:16141:0:99999:7:::
shutdown:*:16141:0:99999:7:::
halt:*:16141:0:99999:7:::
mail:*:16141:0:99999:7:::
operator:*:16141:0:99999:7:::
games:*:16141:0:99999:7:::
ftp:*:16141:0:99999:7:::
nobody:*:16141:0:99999:7:::
dbus:!!:17847::::::
polkitd:!!:17847::::::
unbound:!!:17847::::::
colord:!!:17847::::::
usbmuxd:!!:17847::::::
avahi:!!:17847::::::
avahi-autoipd:!!:17847::::::
libstoragemgmt:!!:17847::::::
saslauth:!!:17847::::::
qemu:!!:17847::::::
rpc:!!:17847:0:99999:7:::
