陈奇网络工作室

用户集中管理

系统运输

在/etc/sudoers中设置用户别名和命令别名,以设置每种用户类型所需的权限和命令,并控制用户权限和可用命令

主机别名

# host _ alias文件服务器=fs1,fs2

用户别名

组名称

# User_Alias ADMINS=jsmith,mikem

# User_alias AdminsGroup=%xbin

命令别名

# Cmnd_Alias SOFTWARE=/bin/rpm、/usr/bin/up2date、/usr/bin/yum

配置

用户主机=(主机)命令

root ALL=(ALL ) ALL

sudoers文件配置

[root@xbin-s~]#grep-v& #039; ##& #039; /etc/sudoers

# host _ alias文件服务器=fs1,fs2

# Host_Alias MAILSERVERS=smtp,smtp2

# User_Alias ADMINS=jsmith,mikem

# cmnd _ alias networking=/sbin/route、/sbin/ifconfig、/bin/ping、/sbin/dhclient、/usr/bin/net、/sbin

# Cmnd_Alias SOFTWARE=/bin/rpm、/usr/bin/up2date、/usr/bin/yum

# cmnd _ alias services=/sbin/service,/sbin/chkconfig

# cmnd _ alias locate=/usr/bin/updatedb

# Cmnd_Alias STORAGE=/sbin/fdisk、/sbin/sfdisk、/sbin/parted、/sbin/partprobe、/bin/mount、/bin/umoumord

# cmnd _ alias delegating=/usr/sbin/visudo,/bin/chown,/bin/chmod,/bin/chgrp

# Cmnd_Alias PROCESSES=/bin/nice,/bin/kill,/usr/bin/kill,/usr/bin/kill

# cmnd _ alias drivers=/sbin/modprobe

# Defaults specification

#

# refusetorunifunabletodisableechoonthetty。

#

默认! visiblepw

#

# preservinghomehassecurityimplicationssincemanyprograms

# useitwhensearchingforconfigurationfiles.notethathome

# isalreadysetwhenthetheenv _ resetoptionisenabled,so

# thisoptionisonlyeffectiveforconfigurationswhereeither

# env _ resetisdisabledorhomeispresentintheenv _ keep list。

#

Defaults always_set_home

Defaults env_reset

efaultsenv _ keep=colorsdisplayhostnamehistsizeinputrckdedirls _ colors

defaults env _ keep=mail PS1 PS2 qtdirusernamelanglc _ address LC _ ctype

defaults env _ keep=LC _ collate LC _ identificati onlc _ measurement LC _ messages

defaults env _ keep=LC _ monetary LC _ namelc _ numeric LC _ paper LC _ telephone

dfaultsenv _ keep=LC _ timelc _ allanguagelinguas _ xkb _ charsetxauthority

#

# addinghometoenv _ keepmayenableausertorununrestricted

# commands via sudo .

#

# Defaults env_keep=HOME

dfaultssecure _ path=/sbin:/bin:/usr/sbin:/usr/bin

root ALL=(ALL ) ALL

xbin ALL=(ALL ) ALL

# %sys ALL=NETWORKING、SOFTWARE、SERVICES、STORAGE、DELEGATING、PROCESSES、LOCATE、DRIVERS

#%wheelALL=(all ) all

#%wheelall=(all ) NOPASSWD: ALL

# ALL=/sbin/mount /mnt/cdrom、/sbin/umount /mnt/cdrom

# localhost=/sbin/shutdown -h now

#includedir /etc/sudoers.d

defaults log file=/var/log/sudo.log

实战命令

批量创建用户

foruserinchuji 001 c huji 002 chuji 003 net001 senior 001 manager 001

do

用户$用户

ECHO111111|passwd----stdin$user

for n in `seq 5`

do

useradd -g phpers php00$n

echo 11111|passwd---- stdin PHP 00 $ n

foruserinkaifamanager 001 seniorphpers

do

用户$用户

ECHO111111|passwd----stdin$user

sudoers配置文件

cmnd _ alias cy _ cmd _1=/usr/bin/free、/usr/bin/iostat、/usr/bin/top、/bin/hostname、/sbin/ifcos

cmnd _ alias gy _ cmd _1=/usr/bin/free、/usr/bin/iostat、/usr/bin/top、/bin/hostname、/sbin/ifcos

cmnd _ alias CK _ cmd _1=/usr/bin/tail/app/log *、/bin/grep /app/log*、/bin/cat、/bin/ls

cmnd _ alias GK _ cmd _1=/sbin/service,/sbin/chkconfig,/bin/tail /app/log*,/bin/grep /app/log*

Cmnd_Alias GW_CMD_1=/sbin/route、/sbin/ifconfig、/bin/ping、/sbin/dhclient、/usr/bin/net/sbin

User_Alias CHUJIADMINS=chuji001、chuji002、chuji003

User_Alias GWNETADMINS=net001

User_Alias CHUJI_KAIFA=%phpers

Runas_Alias OP=root

senior001 ALL=(OP ) GY_CMD_1

manager001 ALL=(ALL ) NOPASSWD:ALL

kaifamanager001 ALL=(ALL ) ALL,/usr/bin/passwd [A-Za-z]*! /usr/bin/passwd root! /usr/sbin/visudo,~/usr/bin/vi *sudoer*

seniorphpers ALL=(OP ) GK_CMD_1

CHUJIADMINS ALL=(OP ) CY_CMD_1

GWNETADMINS ALL=(OP ) GW_CMD_1

CHUJI_KAIFA ALL=(OP ) CK_CMD_1

批量创建20个用户,在用户之后随机设置5位密码

[root@xbin-S ~]# cat test5.sh

#! /bin/bash

export ptah=/usr/local/sbin:/usr/local/bin:/usr/bin:/sbin:/bin://usr/games:/

for n in `seq 20 `

do

用户用户$ n

echo user $ n ` echo user $ n|m D5 sum|cut-C1-5 `|passwd-- stdin user $ n

echo user $ n:user $ n ` echo user $ n|m D5 sum|cut-C1-5 `/tmp/user _ passwd.txt

# echo user $ n ` echo user $ n|m D5 sum|cut-C1-5 `

详情请访问云服务器、域名注册、虚拟主机的问题,请访问西部数码代理商官方网站: www.chenqinet.cn

相关推荐

后台-系统设置-扩展变量-手机广告位-内容页底部广告位3