sudo authorization tool
sudo lets an ordinary user run a limited set of management commands, and can also restrict the user to running those commands only on certain hosts; each
operation is recorded in the log for later auditing.
Using sudo
Define sudo authorization in the configuration file /etc/sudoers
Format: who which_host=(whom) command
Aliases: Only uppercase letters are allowed
- Host_Alias : which_host
- User_Alias : who
- Runas_Alias : whom
- Cmnd_Alias : command
example:
User_Alias USERS = hadoop
Cmnd_Alias ADMINCMD = /usr/sbin/useradd, /usr/bin/passwd, !/usr/bin/passwd root
Host_Alias LOCALNET = 172.16.36.215
Runas_Alias ADMIN = root
USERS LOCALNET=(ADMIN) ADMINCMD
The ordinary user hadoop can now run these management commands: sudo useradd, sudo passwd
List the sudo commands you are allowed to run: sudo -l
Set whether a password is required with the tags NOPASSWD and PASSWD
example:
USERS LOCALNET=(ADMIN) NOPASSWD: /usr/sbin/useradd, PASSWD: /usr/bin/passwd
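The alias and tag rules above, as an added example (not code from the original page): a simplified Python reader for the rule form shown here that expands aliases and reports which tag applies to each command. The second rule in SUDOERS and all function names are assumptions; it shows that a tag stays in force for later commands in the same list until the opposite tag appears, so an untagged alias placed after NOPASSWD: is passwordless too.

```python
import re
from itertools import product

# Constructed input: the page's aliases and tagged rule, plus one assumed rule.
SUDOERS = """\
User_Alias USERS = hadoop
Cmnd_Alias ADMINCMD = /usr/sbin/useradd, /usr/bin/passwd, !/usr/bin/passwd root
Host_Alias LOCALNET = 172.16.36.215
Runas_Alias ADMIN = root
USERS LOCALNET=(ADMIN) NOPASSWD: /usr/sbin/useradd, PASSWD: /usr/bin/passwd
USERS LOCALNET=(ADMIN) NOPASSWD: /usr/sbin/useradd, ADMINCMD
"""

ALIAS_RE = re.compile(r"^\w+_Alias\s+([A-Z][A-Z0-9_]*)\s*=\s*(.+)$")
RULE_RE = re.compile(r"^(\S+)\s+(\S+?)\s*=\s*\(([^)]*)\)\s*(.+)$")
TAG_RE = re.compile(r"^(NOPASSWD|PASSWD):\s*(.*)$")

def split_list(text):
    return [item.strip() for item in text.split(",") if item.strip()]

def expand(name, aliases):
    """Recursively expand an alias name; anything else is returned unchanged."""
    if name not in aliases:
        return [name]
    return [leaf for item in aliases[name] for leaf in expand(item, aliases)]

def effective_rules(text):
    """Return (user, host, runas, tag, command) for every expanded rule entry."""
    aliases, rows = {}, []
    for line in map(str.strip, text.splitlines()):
        if (m := ALIAS_RE.match(line)):
            aliases[m.group(1)] = split_list(m.group(2))
        elif (m := RULE_RE.match(line)):
            who, host, runas, cmds = m.groups()
            tag = "PASSWD"  # sudo's default: authentication is required
            for item in split_list(cmds):
                if (t := TAG_RE.match(item)):
                    tag, item = t.groups()  # tag persists for later commands
                rows.extend(product(expand(who, aliases), expand(host, aliases),
                                    expand(runas, aliases), [tag], expand(item, aliases)))
    return rows

def passwordless(text):
    """Commands that can be run without authenticating (negations excluded)."""
    return sorted({cmd for *_, tag, cmd in effective_rules(text)
                   if tag == "NOPASSWD" and not cmd.startswith("!")})

if __name__ == "__main__":
    print(*effective_rules(SUDOERS), sep="\n")
```

The reader handles only the single-line alias and rule forms used on this page; it keeps all alias types in one table and does not handle escaped commas, line continuations or negated aliases.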