a sudo permission
root assigns commands that can only be executed by super users to ordinary users.
The operation object of sudo is system command.
Two sudo use
visudo
The actual modification is the /etc/sudoers file
root ALL=(ALL) ALL
username the address of the managed host = (usable identity) authorization command (absolute path)
%wheel ALL=(ALL) ALL
% group name address of managed host = (usable identity) authorization command (absolute path)
sudo -l
View available sudo commands
sudo /sbin/shutdown -r now
Ordinary user executes the permissions given by sudo
Three authorized ordinary users can restart the server
1, root user operation
visudo
lw ALL=(ALL) /sbin/shutdown -r now
2, lw user operation
[lw @ localhost av] $ sudo -l
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for lw:
Matching Defaults entries for lw on this host:
requiretty, !visiblepw, always_set_home, env_reset, env_keep="COLORS DISPLAY HOSTNAME
HISTSIZE INPUTRC KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG
LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT
LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE",
env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY",
secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
User lw may run the following commands on this host:
(ALL) /sbin/shutdown -r now
[lw@localhost av]$ sudo /sbin/shutdown -r now
PolicyKit daemon disconnected from the bus.
We are no longer a registered authentication agent.