Linux sudo権限管理プロジェクト実戦
seq 5
douseradd-g phpers php 00$ndonefor user in kaifamanager 001 seniorphpersdouseradd$userecho"111111"|passwd--stdin$userdone 3に属し、visudoを使用してvi/etc/sudoersを編集します.Defaults logfile=/var/log/sudo.log##Cmnd_Alias by Tim##2018/01/16Cmnd_Alias CY_CMD_1 =/usr/bin/free,/usr/bin/iostat,/usr/bin/top,/usr/bin/iostat,/bin/ifconfig,/bin/netstat,\/bin/hostname,/bin/routeCmnd_Alias GY_CMD_1 =/usr/bin/free,/usr/bin/iostat,/usr/bin/top,/bin/hostname,/sbin/ifconfig,/bin/netstat,\/sbin/route,/sbin/iptables,/etc/init.d/network,/bin/nice,/bin/kill,/usr/bin/kill,/usr/bin/killall,/bin/rpm,\/usr/bin/up2date,/usr/bin/yum,/sbin/fdisk,/sbin/sfdisk,/sbin/parted,/sbin/partprobe,/bin/mount,/bin/umountCmnd_Alias CK_CMD_1 =/usr/bin/tail/app/log,/bin/grep/app/log,/bin/cat,/bin/isCmnd_Alias GK_CMD_1 =/sbin/service,/sbin/chkconfig,/bin/tail/app/log,/bin/grep/app/log,/bin/cat,/bin/ls,\/bin/sh ~/scripts/deploy.shCmnd_Alias GW_CMD_1 =/sbin/route,/sbin/ifconfig,/bin/ping,/sbin/dhclient,\/usr/bin/net,/sbin/iptables,/usr/bin/rfcomm,/usr/bin/wvdial,/sbin/iwconfig,\/sbin/mii-tool,/bin/cat/var/log/#####################################################################################User_Alias by Tim##2018/01/16User_Alias CHUJIADMINS = chuji001,chuji002,chuji003User_Alias GWNETADMINS = net001User_Alias CHUJI_KAIFA = %phpers##Runas_Alias by Tim##2018/01/16Runas_Alias OP = root#pri configsenior001 ALL=(OP) GY_CMD_1manager001 ALL=(ALL) NOPASSWD:ALLkaifamanager001 ALL=(ALL) ALL,(ALL)/usr/bin/passwd [A-Za-z],(ALL) !/usr/bin/passwd root,\(ALL) !/usr/sbin/visudo, (ALL) !/usr/bin/vim, (ALL) !/usr/bin/vi sudoer, (ALL) !/usr/bin/sudo su -, (ALL) !/bin/suseniorphpers ALL=(OP) GK_CMD_1CHUJIADMINS ALL=(OP) CY_CMD_1GWNETADMINS ALL=(OP) GW_CMD_1CHUJI_KAIFA ALL=(OP) CK_CMD_1