1. 修改/etc/sudoers文件:
# User alias specification
User_Alias SUDO_USER=install01
--> 如果需要设置多个用户,则用逗号(,)分隔Alias SUDO_USER = install01,install02
# Cmnd alias specification
Cmnd_Alias CMD_TARGET=/bin/chmod, /bin/chown, /bin/tar, /bin/cp, /usr/bin/egrep, /bin/ls, /bin/rm, /bin/mkdir, /usr/bin/sed, /usr/bin/grep, /usr/bin/which, /opt/VRTSvcs/bin/ha*, /usr/sbin/crm*, /usr/bin/test, /bin/kill, /bin/mv, /bin/echo, /usr/bin/touch, /usr/bin/tee, /usr/bin/gzip, /bin/cat, /bin/mount, /bin/umount, /sbin/lvchange, /sbin/lvscan, /usr/bin/dos2unix, /bin/sh
Cmnd_Alias SU_TARGET=/bin/su - oracle*, /bin/su - app*, /bin/su - grid*
# User privilege specification
root ALL=(ALL) ALL
SUDO_USER ALL=(root)NOPASSWD: CMD_TARGET, SU_TARGET
2. 测试sudo权限是否生效:
linuxUSM:~ # su - install01
inst01@linuxUSM:~> sudo -l
User inst01 may run the following commands on this host:
(ALL) ALL
(root) NOPASSWD: /bin/chmod, /bin/chown, /bin/tar, /bin/cp, /usr/bin/egrep, /bin/ls, /bin/rm, /bin/mkdir, /usr/bin/sed, /usr/bin/grep, /usr/bin/which, /opt/VRTSvcs/bin/ha*, /usr/sbin/crm*, /usr/bin/test, /bin/kill, /bin/mv, /bin/echo, /usr/bin/touch, /usr/bin/tee, /usr/bin/gzip, /bin/cat, /bin/mount, /bin/umount, /sbin/lvchange, /sbin/lvscan
(root) NOPASSWD: /bin/su - ptl*, /bin/su - oracle*, /bin/su - grid*
inst01@linuxUSM:~> mkdir /etc/testdir
mkdir: cannot create directory `/etc/testdir': Permission denied
inst01@linuxUSM:~> sudo mkdir /etc/testdir
浙公网安备 33010602011771号