Linux系统之普通用户sudo提权配置

2022-11-07 354

版权

本文内容由阿里云实名注册用户自发贡献，版权归原作者所有，阿里云开发者社区不拥有其著作权，亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容，填写侵权投诉表单进行举报，一经查实，本社区将立刻删除涉嫌侵权内容。

简介： Linux系统之普通用户sudo提权配置

一、检查本地系统版本

检查本地环境，操作系统版本，本次实践为centos7.6版本。

[root@docker ~]# cat /etc/os-release 
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

二、创建redhat普通用户

1.创建redhat用户

[root@docker ~]# useradd redhat

2.为redhat用户设置密码

[root@docker ~]# passwd redhat
Changing password for user redhat.
New password: 
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: 
passwd: all authentication tokens updated successfully.

3.查询创建用户相关命令的绝对路径

[root@docker ~]# which useradd 
/usr/sbin/useradd
[root@docker ~]# which passwd 
/usr/bin/passwd
[root@docker ~]# which userdel 
/usr/sbin/userdel

三、编辑/etc/sudoers文件

[root@docker ~]# vim /etc/sudoers
[root@docker ~]# grep redhat /etc/sudoers
redhat  ALL=(ALL)      /usr/sbin/useradd,/usr/bin/passwd,/usr/sbin/userdel

四、检查redhat用户权限

1.切换到redhat用户

[root@docker ~]# su -  redhat
[redhat@docker ~]$

2.新建huawei账号

[redhat@docker ~]$ sudo useradd huawei

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for redhat:

3.查看新创建用户

[redhat@docker ~]$ id huawei
uid=1002(huawei) gid=1002(huawei) groups=1002(huawei)

4.为huawei账号设置密码

[redhat@docker ~]$ sudo passwd huawei
Changing password for user huawei.
New password: 
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: 
passwd: all authentication tokens updated successfully.

5.删除huawei账号

[redhat@docker ~]$ sudo userdel huawei
[redhat@docker ~]$ id huawei
id: huawei: no such user

五、批量用户授权

1.设置别名

[root@docker ~]# grep -Evn '^#|^$|^##'  /etc/sudoers
22:User_Alias ADMINS = zhangsan, lisi
30:Cmnd_Alias USERTEST =  /usr/sbin/useradd, /usr/bin/passwd, /usr/sbin/userdel 
59:Defaults   !visiblepw
68:Defaults    always_set_home
69:Defaults    match_group_by_gid
77:Defaults    always_query_group_plugin
79:Defaults    env_reset
80:Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
81:Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
82:Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
83:Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
84:Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
92:Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin
104:root    ALL=(ALL)     ALL
105:redhat  ALL=(ALL)      /usr/sbin/useradd,/usr/bin/passwd,/usr/sbin/userdel
112:%wheel    ALL=(ALL)    ALL

2.配置sudo授权

[root@docker ~]# grep ADMINS /etc/sudoers
# User_Alias ADMINS = jsmith, mikem
User_Alias ADMINS = zhangsan, lisi
ADMINS  ALL=(ALL)    USERTEST

六、测试批量授权效果

1.新建用户zhangsan

[root@docker ~]# useradd zhangsan
[root@docker ~]# passwd zhangsan
Changing password for user zhangsan.
New password: 
BAD PASSWORD: The password contains the user name in some form
Retype new password: 
passwd: all authentication tokens updated successfully.

2.切换zhangsan用户

[root@docker ~]# su - zhangsan

3.新建lisi用户并设置密码

[zhangsan@docker ~]$ sudo useradd lisi

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for zhangsan: 
[zhangsan@docker ~]$ sudo passwd lisi
Changing password for user lisi.
New password: 
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: 
passwd: all authentication tokens updated successfully.

4.切换lisi用户

[zhangsan@docker ~]$ su - lisi
Password: 
[lisi@docker ~]$ id lisi
uid=1003(lisi) gid=1003(lisi) groups=1003(lisi)

5.切换lisi用户

[zhangsan@docker ~]$ su - lisi
Password: 
[lisi@docker ~]$ id lisi
uid=1003(lisi) gid=1003(lisi) groups=1003(lisi)

6.测试lisi用户权限

[lisi@docker ~]$ sudo useradd user

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for lisi: 
[lisi@docker ~]$ sudo passwd user
Changing password for user user.
New password: 
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: 
passwd: all authentication tokens updated successfully.
[lisi@docker ~]$ id user
uid=1004(user) gid=1004(user) groups=1004(user)
[lisi@docker ~]$ sudo userdel user
[lisi@docker ~]$ id user
id: user: no such user

Linux系统之普通用户sudo提权配置

一、检查本地系统版本

二、创建redhat普通用户

1.创建redhat用户

2.为redhat用户设置密码

3.查询创建用户相关命令的绝对路径

三、编辑/etc/sudoers文件

四、检查redhat用户权限

1.切换到redhat用户

2.新建huawei账号

3.查看新创建用户

4.为huawei账号设置密码

5.删除huawei账号

五、批量用户授权

1.设置别名

2.配置sudo授权

六、测试批量授权效果

1.新建用户zhangsan

2.切换zhangsan用户

3.新建lisi用户并设置密码

4.切换lisi用户

5.切换lisi用户

6.测试lisi用户权限

热门文章

最新文章

相关课程

相关电子书

相关实验场景

推荐镜像

探索云世界

热门

云计算

大数据

云原生

人工智能

数据库

开发与运维

活动广场

任务中心

开发者评测

高校计划

乘风者计划

训练营

阿里云MVP

话题

直播

下载

镜像站

技术资料

插件

Linux系统之普通用户sudo提权配置

一、检查本地系统版本

二、创建redhat普通用户

1.创建redhat用户

2.为redhat用户设置密码

3.查询创建用户相关命令的绝对路径

三、编辑/etc/sudoers文件

四、检查redhat用户权限

1.切换到redhat用户

2.新建huawei账号

3.查看新创建用户

4.为huawei账号设置密码

5.删除huawei账号

五、批量用户授权

1.设置别名

2.配置sudo授权

六、测试批量授权效果

1.新建用户zhangsan

2.切换zhangsan用户

3.新建lisi用户并设置密码

4.切换lisi用户

5.切换lisi用户

6.测试lisi用户权限

热门文章

最新文章

相关课程

相关电子书

相关实验场景

推荐镜像