为了提高安全性,可禁止root帐号通过SSH登录。此时要远程管理系统,就要建立另一个管理帐号。

使用root登录系统,创建一个新用户,并设置新用户的密码

[[email protected]_abc ~]# useradd abc
[[email protected]_abc ~]# passwd abc
Changing password for user abc.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

以新建的用户登录系统,尝试做更新操作

[[email protected]_abc ~]$ sudo yum update
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for abc:
abc is not in the sudoers file. This incident will be reported.
[[email protected]_abc ~]$
#提示“abc is not in the sudoers file”,新用户无法执行sudo命令。

再次以root用户登录系统,将新建用户加入/etc/sudoers

[[email protected]_abc ~]# ll /etc/sudoers
-r--r----- 1 root root 3957 Apr 24 23:20 /etc/sudoers
[[email protected]_abc ~]# chmod +w /etc/sudoers
#/etc/sudoers文件是只读的,要临时给文件加上写权限
[[email protected]_abc ~]# ll /etc/sudoers
-rw-r----- 1 root root 3957 Apr 24 23:20 /etc/sudoers
[[email protected]_abc ~]# vim /etc/sudoers
root   ALL=(ALL)    ALL
abc    ALL=(ALL)    ALL
[[email protected]_abc ~]# chmod -w /etc/sudoers
[[email protected]_abc ~]# ll /etc/sudoers
-r--r----- 1 root root 3957 Apr 24 23:20 /etc/sudoers
#修改/etc/sudoers后,将读权限取消

也可以用下面的方法让新用户可以执行sudo

[[email protected]_abc ~]# usermod -aG wheel abc

再次以新用户身份执行sudo进行测试

[[email protected]_abc ~]$ sudo yum update
#以新建的用户登录系统,可以做升级操作

如果有需要,可以从一般帐号切换到root帐号

[[email protected]_abc ~]$ su - root
Password: 
#输入root帐号的密码,- 的作用是切换到root帐号,同时加载root帐号的配置
Last login: Tue Apr 24 23:22:38 CST 2018 on pts/0
[[email protected]_abc ~]# pwd
/root
[[email protected]_abc ~]#

0 Comments

发表评论

电子邮件地址不会被公开。 必填项已用*标注