###
1.創建test用戶,設置密碼
[root@jira ~]# useradd test [root@jira ~]# passwd test Changing password for user test. New password: BAD PASSWORD: The password is shorter than 8 characters Retype new password: passwd: all authentication tokens updated successfully.
2.授權test用戶可以 以root權限運行netstat命令
[root@jira ~]# cat /etc/sudoers # **** ## Allow root to run any commands anywhere root ALL=(ALL) ALL #(為普通用戶test賦予root權限) #第一個ALL:所有地方都可以登陸,localhost只能本機登陸。 #第二個(ALL):表示什么身份的用戶都執行。’ #第三個ALL:表示所有命令都可以使用
#NOPASSWD:表示不用輸入root密碼即可執行 test ALL=(ALL) NOPASSWD:/usr/bin/netstat,/usr/bin/ps ## Allows members of the 'sys' group to run networking, software, ## service management apps and more. # %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS ## Allows people in group wheel to run all commands %wheel ALL=(ALL) ALL ## Same thing without a password # %wheel ALL=(ALL) NOPASSWD: ALL # ****
3.測試
# 未授權查看(需要密碼,不能查看pid) [test@jira ~]$ sudo netstat -lntup We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. [sudo] password for test: Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN - tcp6 0 0 :::22 :::* LISTEN - tcp6 0 0 :::7081 :::* LISTEN - tcp6 0 0 :::3306 :::* LISTEN -# 授權后查看(不需要密碼直接以root權限查看所有內容) [root@jira ~]# su - test Last login: Thu Jan 14 15:44:25 CST 2021 on pts/2 [test@jira ~]$ sudo netstat -lntup Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1152/sshd tcp6 0 0 :::22 :::* LISTEN 1152/sshd tcp6 0 0 :::7081 :::* LISTEN 1613/docker-proxy tcp6 0 0 :::3306 :::* LISTEN 1978/mysqld
###