Introduction of user authority delegation configuration under CentOS (Linux)

Time:2020-6-29

Introduction of user authority delegation configuration under CentOS (Linux)

When it comes to authority delegation, it is very important for the normal operation of a service. For enterprises, it is often said that the greater the authority, the greater the responsibility, and of course, the greatest harm. When the authority is compared, misoperation will cause catastrophic damage to the application, so you should be absolutely careful in the authority allocation. Of course, in general large enterprises, for the authority allocation Very detailed, the same service will be divided into different operation permissions, so it is relatively safe. If there is a problem, we can find out the corresponding responsible person directly. Today, we will introduce the delegation of user rights under CentOS. First of all, we all know that the largest authority account under CentOS (Linux) is root, which is similar to the administrator in Windows environment. All of them belong to the global administrator and have full operation authority on the service. My environment is like this. I habitually use the root authority to operate the service. Due to the recent audit, I am responsible People changed the password of root and created a new ordinary user. After logging in with ordinary users, they could not save the modified service. Therefore, we summarized the above environmental problems and shared them with children’s shoes in need.

In fact, there are many ways to allocate authority control: today we will introduce two ways.

1. Add root permission to the new user

2. Delegate sudo authority to new users;

We create a new user in the environment by using the following command

AddUser Gavin --- add user Gavin
Pass Gavin -- > set a new password for Gavin users
XXXXXXXX > Enter custom new password
Xxxxxxx -- > Enter to confirm the custom new password

Then we use Gavin to log in and modify the hosts file

Vim /etc/hosts

The user will only be prompted to save the operation

clip_image002

Vim /etc/passwd

Modify the ID value of Gavin user

Note: we can see the first line, the ID of root is 0

clip_image004

Change the ID of Gavin to 0

In this way, no matter using root or Gavin, the root information will be displayed after login, which is root permission

clip_image006

Method 2: delegate sudo authority to new users

Vim /etc/sudoers

Find the row “allow root to run any command anywhere”, and then there will be the information “root all = (all) all”;

clip_image008

Add a row

gavin ALL=(ALL) ALL

clip_image010

In this way, save and exit,

Then ordinary users must use sudo + VIM to modify the service

Note: if the user name does not have super user rights, when you enter the sudo + command, the system prompts:

. the code is as follows:

gavin is not in the sudoers file.  This incident will be reported.

Solution: 1. Enter super user mode. Enter “Su”, the system will let you enter the super user password, enter the super user mode after entering the password.

clip_image012

2. Add write permission to the file.

. the code is as follows:

U here refers to the owner of the file
+W add writable permission
U + X means only the current user has writable permission
chmod u+w /etc/sudoers

clip_image014

clip_image016

In this way, sudo VIM / etc / hosts has permission to operate user services

clip_image018

4. Revoke the write permission of the file.

. the code is as follows:

chmod u-w /etc/sudoers