Oracle/DB2/Postgresql/Mysql/Hadoop/Greenplum/Postgres-xl/Mongodb
分类: LINUX
2012-06-15 15:19:50
一、配置用户添加红色字体部份
more /etc/sudoers
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#
# Host alias specification
# User alias specification
# Cmnd alias specification
# Defaults specification
# User privilege specification
#root ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
Defaults syslog=auth
Defaults logfile=/var/log/sudo.log
Cmnd_Alias SHUTDOWN=/sbin/halt,/sbin/shutdown
root ALL=ALL
tank ALL=ALL,!SHUTDOWN,!/usr/bin/passwd,!/usr/bin/useradd,!/usr/bin/userdel,!/sbin/fdisk,!/bin/mount,!//bin/umount
其tank为普通用户,可以执行root的所有命令,排除shudown,passwd,等。
二、限止sudo用户修改配置文件
chmod 0440 /etc/sudoers
chmod 0440 /var/log/sudo.log
