系统运输
在/etc/sudoers中设置用户别名和命令别名,以设置每种用户类型所需的权限和命令,并控制用户权限和可用命令
主机别名
# host _ alias文件服务器=fs1,fs2
用户别名
组名称
# User_Alias ADMINS=jsmith,mikem
# User_alias AdminsGroup=%xbin
命令别名
# Cmnd_Alias SOFTWARE=/bin/rpm、/usr/bin/up2date、/usr/bin/yum
配置
用户主机=(主机)命令
root ALL=(ALL ) ALL
sudoers文件配置
[root@xbin-s~]#grep-v&; #039; ##&; #039; /etc/sudoers
# host _ alias文件服务器=fs1,fs2
# Host_Alias MAILSERVERS=smtp,smtp2
# User_Alias ADMINS=jsmith,mikem
# cmnd _ alias networking=/sbin/route、/sbin/ifconfig、/bin/ping、/sbin/dhclient、/usr/bin/net、/sbin
# Cmnd_Alias SOFTWARE=/bin/rpm、/usr/bin/up2date、/usr/bin/yum
# cmnd _ alias services=/sbin/service,/sbin/chkconfig
# cmnd _ alias locate=/usr/bin/updatedb
# Cmnd_Alias STORAGE=/sbin/fdisk、/sbin/sfdisk、/sbin/parted、/sbin/partprobe、/bin/mount、/bin/umoumord
# cmnd _ alias delegating=/usr/sbin/visudo,/bin/chown,/bin/chmod,/bin/chgrp
# Cmnd_Alias PROCESSES=/bin/nice,/bin/kill,/usr/bin/kill,/usr/bin/kill
# cmnd _ alias drivers=/sbin/modprobe
# Defaults specification
#
# refusetorunifunabletodisableechoonthetty。
#
默认! visiblepw
#
# preservinghomehassecurityimplicationssincemanyprograms
# useitwhensearchingforconfigurationfiles.notethathome
# isalreadysetwhenthetheenv _ resetoptionisenabled,so
# thisoptionisonlyeffectiveforconfigurationswhereeither
# env _ resetisdisabledorhomeispresentintheenv _ keep list。
#
Defaults always_set_home
Defaults env_reset
efaultsenv _ keep=colorsdisplayhostnamehistsizeinputrckdedirls _ colors
defaults env _ keep=mail PS1 PS2 qtdirusernamelanglc _ address LC _ ctype
defaults env _ keep=LC _ collate LC _ identificati onlc _ measurement LC _ messages
defaults env _ keep=LC _ monetary LC _ namelc _ numeric LC _ paper LC _ telephone
dfaultsenv _ keep=LC _ timelc _ allanguagelinguas _ xkb _ charsetxauthority
#
# addinghometoenv _ keepmayenableausertorununrestricted
# commands via sudo .
#
# Defaults env_keep=HOME
dfaultssecure _ path=/sbin:/bin:/usr/sbin:/usr/bin
root ALL=(ALL ) ALL
xbin ALL=(ALL ) ALL
# %sys ALL=NETWORKING、SOFTWARE、SERVICES、STORAGE、DELEGATING、PROCESSES、LOCATE、DRIVERS
#%wheelALL=(all ) all
#%wheelall=(all ) NOPASSWD: ALL
# ALL=/sbin/mount /mnt/cdrom、/sbin/umount /mnt/cdrom
# localhost=/sbin/shutdown -h now
#includedir /etc/sudoers.d
defaults log file=/var/log/sudo.log
实战命令
批量创建用户
foruserinchuji 001 c huji 002 chuji 003 net001 senior 001 manager 001
do
用户$用户
ECHO111111|passwd----stdin$user
唐
for n in `seq 5`
do
useradd -g phpers php00$n
echo 11111|passwd---- stdin PHP 00 $ n
唐
foruserinkaifamanager 001 seniorphpers
do
用户$用户
ECHO111111|passwd----stdin$user
唐
sudoers配置文件
cmnd _ alias cy _ cmd _1=/usr/bin/free、/usr/bin/iostat、/usr/bin/top、/bin/hostname、/sbin/ifcos
cmnd _ alias gy _ cmd _1=/usr/bin/free、/usr/bin/iostat、/usr/bin/top、/bin/hostname、/sbin/ifcos
cmnd _ alias CK _ cmd _1=/usr/bin/tail/app/log *、/bin/grep /app/log*、/bin/cat、/bin/ls
cmnd _ alias GK _ cmd _1=/sbin/service,/sbin/chkconfig,/bin/tail /app/log*,/bin/grep /app/log*
Cmnd_Alias GW_CMD_1=/sbin/route、/sbin/ifconfig、/bin/ping、/sbin/dhclient、/usr/bin/net/sbin
User_Alias CHUJIADMINS=chuji001、chuji002、chuji003
User_Alias GWNETADMINS=net001
User_Alias CHUJI_KAIFA=%phpers
Runas_Alias OP=root
senior001 ALL=(OP ) GY_CMD_1
manager001 ALL=(ALL ) NOPASSWD:ALL
kaifamanager001 ALL=(ALL ) ALL,/usr/bin/passwd [A-Za-z]*! /usr/bin/passwd root! /usr/sbin/visudo,~/usr/bin/vi *sudoer*
seniorphpers ALL=(OP ) GK_CMD_1
CHUJIADMINS ALL=(OP ) CY_CMD_1
GWNETADMINS ALL=(OP ) GW_CMD_1
CHUJI_KAIFA ALL=(OP ) CK_CMD_1
批量创建20个用户,在用户之后随机设置5位密码
[root@xbin-S ~]# cat test5.sh
#! /bin/bash
export ptah=/usr/local/sbin:/usr/local/bin:/usr/bin:/sbin:/bin://usr/games:/
for n in `seq 20 `
do
用户用户$ n
echo user $ n ` echo user $ n|m D5 sum|cut-C1-5 `|passwd-- stdin user $ n
echo user $ n:user $ n ` echo user $ n|m D5 sum|cut-C1-5 `/tmp/user _ passwd.txt
# echo user $ n ` echo user $ n|m D5 sum|cut-C1-5 `
唐
详情请访问云服务器、域名注册、虚拟主机的问题,请访问西部数码代理商官方网站: www.chenqinet.cn