以前的公司不允许使用sudo，所以一直没研究过这个东西。最近遇到一个问题——下班后，开发人员因测试紧急，需要系统管理员能赶回来为他们重启WAS，类似问题只有通过给个别普通用户赋予启、停WAS的权力来解决。IBM官方的方法是修改一堆文件或目录的权限，我觉得太累，所以上午花时间测试下sudo，发现sudo还真是简单、好用、安全性也比IBM官方的好。

    装完sudo，一条命令改下配置文件，所有工作就完了：
cat <<'!' >>/etc/sudoers

Defaults loglinelen=0
Defaults        logfile=/var/log/sudo.log
#Defaults !syslog

db2inst1        ALL=(ALL) NOPASSWD: /usr/was/bin/stopServer.sh,/usr/was/bin/startServer.sh
!

    实际执行效果：
< :/home/db2inst1>$sudo /usr/was/bin/stopServer.sh MONITOR2Server
ADMU0116I: Tool information is being logged in file
/usr/WebSphere/AppServer/logs/MONITOR2Server/stopServer.log
ADMU3100I: Reading configuration for server: MONITOR2Server
ADMU3201I: Server stop request issued. Waiting for stop status.
ADMU4000I: Server MONITOR2Server stop completed.
< :/home/db2inst1>$sudo /usr/was/bin/startServer.sh MONITOR2Server
ADMU0116I: Tool information is being logged in file
/usr/WebSphere/AppServer/logs/MONITOR2Server/startServer.log
ADMU3100I: Reading configuration for server: MONITOR2Server
ADMU3200I: Server launched. Waiting for initialization status.
ADMU3000I: Server MONITOR2Server open for e-business; process id is 2179272
< :/home/db2inst1>$

========================================================================
任何形式的转载，请写明出处：
email:
blog:    http://www.cublog.cn/u/739/
========================================================================