授權普通用戶以 root 身份執行 ls、touch、passwd 命令,但禁止其修改 root 用戶的密碼
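通過 visudo 編輯 sudoers 文件,為普通用戶 oldboy 添加相應的授權規則。注意:規則中的 /usr/bin/passwd 沒有限定參數,sudoers 會允許它帶任意參數(包括不帶參數)執行,而 !/usr/bin/passwd root 只排除參數恰好為 root 的調用,因此這種「先放行再排除」的寫法無法可靠地保護 root 密碼;更穩妥的做法是只放行明確的參數形式,例如 sudoers(5) 手冊示例中的 /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd *root*。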
[root@lin ~]# visudo
oldboy ALL=(ALL) /bin/ls, /bin/touch, /usr/bin/passwd, !/usr/bin/passwd root
[root@lin ~]# visudo
oldboy ALL=(ALL) /bin/ls, /bin/touch, /usr/bin/passwd, !/usr/bin/passwd root
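切換到普通用戶 oldboy,驗證授權結果。下面的測試只驗證了 sudo passwd root 被拒絕這一種情況;另外可以看到,以 root 身份執行 passwd 時,「BAD PASSWORD」只是警告,弱密碼仍被接受,而且 oldboy 可以重設其他任意帳號的密碼,授權前應評估這一風險。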
[root@lin ~]# su - oldboy
[oldboy@lin ~]$ sudo passwd lin666
Changing password for user lin666.
New password:
BAD PASSWORD: it is too simplistic/systematic
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
[oldboy@lin ~]$ sudo passwd root
[sudo] password for oldboy:
Sorry, user oldboy is not allowed to execute '/usr/bin/passwd root' as root on lin.
[root@lin ~]# su - oldboy
[oldboy@lin ~]$ sudo passwd lin666
Changing password for user lin666.
New password:
BAD PASSWORD: it is too simplistic/systematic
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
[oldboy@lin ~]$ sudo passwd root
[sudo] password for oldboy:
Sorry, user oldboy is not allowed to execute '/usr/bin/passwd root' as root on lin.