linux给用户sudo权限,给普通用户管理员权限(权限控制)

一.介绍

涉及文件:/etc/sudoers  -- 不可通过vim修改,它用于定义哪些用户或用户组可以以超级用户(root)的权限执行特定的命令

涉及命令:visudo -- 用来修改/etc/sudoers文件

涉及用户组: wheel  -- 添加到这个组的用户可以使用sudo,需要输入密码

[root@test2 ~]# cat /etc/sudoers | grep -Ev '^#' | sed '/^$/d'
Defaults   !visiblepw
Defaults    always_set_home
Defaults    match_group_by_gid
Defaults    always_query_group_plugin
Defaults    env_reset
Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin
root    ALL=(ALL)       ALL
%wheel  ALL=(ALL)       ALL

  

 

二.示例visudo

1. 给用户test不输入密码就可以使用sudo命令

1)不添加权限,输入密码依旧不能够使用sudo命令

[test@test2 ~]$ sudo su - root

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

For security reasons, the password you type will not be visible.

[sudo] password for test: 
Sorry, try again.

2)使用visudo命令添加

# 需要输入密码才能使用sudo
test    ALL=(ALL)       ALL
# 连密码也不需要输入便可以使用sudo
test ALL=(ALL) NOPASSWD: ALL


例子:直接切换到root用户

[test@test2 ~]$ sudo cat /etc/sudoers | grep -Ev '^#' | sed '/^$/d'
Defaults   !visiblepw
Defaults    always_set_home
Defaults    match_group_by_gid
Defaults    always_query_group_plugin
Defaults    env_reset
Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin
root    ALL=(ALL)       ALL
%wheel  ALL=(ALL)       ALL
test ALL=(ALL) NOPASSWD: ALL
[test@test2 ~]$ sudo su - root
Last login: Wed May 28 20:45:14 CST 2025 on pts/3
[root@test2 ~]#

 

三.示例wheel组

1.给用户test输入密码就可以使用sudo命令

1)取消前面的设置,把用户添加到wheel组

[root@test2 ~]# usermod -aG wheel test
[root@test2 ~]# id test
uid=1001(test) gid=1001(test) groups=1001(test),10(wheel)

 

 

四.作用

1.普通用户sudo su - root 便可以直接进入root用户 

 

posted @ 2025-05-28 20:57  铿锵有力自信且坚定  阅读(230)  评论(0)    收藏  举报