Linux permission series--add sudo permission for a command to ordinary users

Language 2023-08-23 02:56:53 views: null

Original URL: Linux Permissions Series--Add sudo permissions for a certain command to ordinary users

Introduction

illustrate

This article introduces how to add sudo permission for a command to ordinary users in the Linux system.

scenes to be used

Ordinary developers may need sudo commands:

apt-get (often to install software)
service
make install (often to compile and install)

Ordinary developers cannot have commands with sudo privileges:

passwd(不能修改其他用户密码)
vi sudo/chown/chmod/chgrp(不能修改sudo,不能修改其他用户文件的访问权限)
ls/vim (不能查看和编辑其他用户目录和文件)

Goal of this article

Add the sudo permission of the following commands to the ordinary user (knife user):

  1. shutdown
  2. reboot
  3. halt

step

Switch to the root user

Enter on the command line: su, press Enter, and then enter the password (that is, your login password, and the password is invisible by default).

Add write permission to /etc/sudoers

The sudoers file is read-only by default, and it is also for root, so you need to add the write permission of the sudoers file first, and execute the following command:

chmod u+w /etc/sudoers

Edit the sudoers file

Execute the following command:

vi /etc/sudoers

Add configuration at the end of the file (where knife is your username):

knife   ALL=(ALL:ALL) NOPASSWD: /sbin/shutdown,/sbin/reboot,/sbin/halt

Note: It must be placed at the end of the file so that it can be effective, otherwise it may be affected by other group configurations. 

as follows:

revoke sudoers file write permission

chmod u-w /etc/sudoers

test

Switch to the knife user

su knife

Execute the shutdown command 

sudo shutdown

result:

The permission meaning of sudoers

user permissions

# 允许用户myUser使用sudo执行命令(需要输入密码)。
myUser ALL=(ALL:ALL) ALL
# 允许用户youuser使用sudo执行命令,并且在执行的时候不输入密码。
myUser ALL=(ALL:ALL) NOPASSWD: ALL

 group permissions

# 允许用户组myUser里面的用户使用sudo执行sudo命令(需要输入密码)。
%myUser ALL=(ALL) ALL 
# 允许用户组myUser里面的用户使用sudo执行命令,并且在执行的时候不输入密码。
%myUser ALL=(ALL) NOPASSWD: ALL

example

root    ALL=(ALL:ALL) ALL

The above configuration means: The root user can execute any command on any machine with any combination of any user and any user group.

  • root: user (%admin means user group)
  • ALL=: All hosts (sudoers configuration may be used on multiple machines)
  • ALL:: any user
  • :ALL: any user group
  • ALL: any command

other urls

Linux adds sudo permissions to ordinary users - Programmer Sought

Guess you like

Origin blog.csdn.net/feiying0canglang/article/details/128165781
Recommended
The United States plans to restrict the export of large AI models to China and Russia
Apple to reach agreement with OpenAI to bring ChatGPT to iPhone
Ranking
whisper-webui installation tutorial is silky and easy to use
[Base] Laravel concepts laravel basis, the custom service provider: Contracts, ServiceContainer, ServiceProvider, Facades relations
Import torchvision error problem solving DLL: module not found
observer & watch & notify = pub & sub
A small turntable program [HTML + CSS + JS]
CorelDRAW 2018 shortcuts Daquan
Supervise el botón de menú para lograr un gatillo de presión prolongada
JS将时间秒转换成天小时分钟秒的字符串
RIP basic configuration
[Deleted] solution to a problem a few questions (Noip1994)
Daily
More
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)

Code World

© 2018 codetd.com