Original URL: Linux Permissions Series--Add sudo permissions for a certain command to ordinary users
Introduction
illustrate
This article introduces how to add sudo permission for a command to ordinary users in the Linux system.
scenes to be used
Ordinary developers may need sudo commands:
apt-get (often to install software)
service
make install (often to compile and install)
Ordinary developers cannot have commands with sudo privileges:
passwd(不能修改其他用户密码)
vi sudo/chown/chmod/chgrp(不能修改sudo,不能修改其他用户文件的访问权限)
ls/vim (不能查看和编辑其他用户目录和文件)
Goal of this article
Add the sudo permission of the following commands to the ordinary user (knife user):
- shutdown
- reboot
- halt
step
Switch to the root user
Enter on the command line: su, press Enter, and then enter the password (that is, your login password, and the password is invisible by default).
Add write permission to /etc/sudoers
The sudoers file is read-only by default, and it is also for root, so you need to add the write permission of the sudoers file first, and execute the following command:
chmod u+w /etc/sudoers
Edit the sudoers file
Execute the following command:
vi /etc/sudoers
Add configuration at the end of the file (where knife is your username):
knife ALL=(ALL:ALL) NOPASSWD: /sbin/shutdown,/sbin/reboot,/sbin/halt
Note: It must be placed at the end of the file so that it can be effective, otherwise it may be affected by other group configurations.
as follows:
revoke sudoers file write permission
chmod u-w /etc/sudoers
test
Switch to the knife user
su knife
Execute the shutdown command
sudo shutdown
result:
The permission meaning of sudoers
user permissions
# 允许用户myUser使用sudo执行命令(需要输入密码)。
myUser ALL=(ALL:ALL) ALL
# 允许用户youuser使用sudo执行命令,并且在执行的时候不输入密码。
myUser ALL=(ALL:ALL) NOPASSWD: ALL
group permissions
# 允许用户组myUser里面的用户使用sudo执行sudo命令(需要输入密码)。
%myUser ALL=(ALL) ALL
# 允许用户组myUser里面的用户使用sudo执行命令,并且在执行的时候不输入密码。
%myUser ALL=(ALL) NOPASSWD: ALL
example
root ALL=(ALL:ALL) ALL
The above configuration means: The root user can execute any command on any machine with any combination of any user and any user group.
- root: user (%admin means user group)
- ALL=: All hosts (sudoers configuration may be used on multiple machines)
- ALL:: any user
- :ALL: any user group
- ALL: any command
other urls
Linux adds sudo permissions to ordinary users - Programmer Sought