linux:服务器SSH账号权限配置

/etc/sudoers

# Global sudo options, the root rule, and the sudo log location.

# Keep sudo's refusal to prompt for a password when terminal echo cannot be
# disabled, so a typed password is never displayed.
Defaults    !visiblepw
# Set HOME to the target user's home directory for commands run through sudo.
Defaults    always_set_home
# Run commands with a reset environment; only the env_keep variables listed
# below are carried over from the invoking user.
Defaults    env_reset
# Each name kept here is a value the unprivileged caller controls and the
# privileged command inherits, so the list should stay as short as the
# workflows on this host require.
Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
# PATH used for commands run through sudo, independent of the caller's PATH.
Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin
# root may run any command as any user on any host.
root    ALL=(ALL)       ALL
##Add by sandy
# Write sudo's log entries to this local file.
# NOTE(review): a log stored on the same host can be altered by any account
# that reaches root through the rules in this file; the "!cat"/"!rm" entries
# for this path in C_CMD_1 do not prevent that. Forwarding sudo events to a
# remote log host gives a copy the local accounts cannot edit.
Defaults    logfile=/var/log/sudo.log

##Cmnd_Alias by sandy
# Command groups referenced by the per-role rules in the "pri config" section.

# C_CMD_1: a deny list meant to be combined with ALL. passwd is permitted only
# with an argument starting with a letter and never for "root"; fdisk, parted,
# visudo, vi*/vi invoked with "sudo" in the arguments, and cat/rm of
# /var/log/sudo.log are negated.
# NOTE(review): the sudoers manual warns that subtracting commands from ALL
# with "!" is not an effective restriction, because the matching is on the
# command path and arguments only. Treat this alias as advisory and grant the
# role an explicit allow list instead.
Cmnd_Alias   C_CMD_1= !/usr/bin/passwd, /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root,!/sbin/fdisk,!/sbin/parted,!/usr/sbin/visudo,!/usr/bin/vi* *sudo* ,!/bin/vi *sudo*,!/bin/cat /var/log/sudo.log,!/bin/rm  /var/log/sudo.log
# N_CMD_1: network administration tools plus read access to /var/log.
# NOTE(review): sudoers matches command arguments as one concatenated string,
# so the "*" in "/bin/cat /var/log/*" also matches spaces and "/" and does not
# confine cat to files under /var/log. It also covers /var/log/sudo.log, which
# C_CMD_1 tries to hide. List the exact log files instead of a wildcard.
# /sbin/iptables lets this role change the host firewall.
Cmnd_Alias   N_CMD_1 = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables,/usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool,/bin/cat /var/log/*
# P_CMD_1: log and web-root reading, a shell, and scripts under /data/sh.
# NOTE(review): /bin/sh with no argument restriction is an unrestricted shell
# as the run-as user, which makes every other limit in this alias moot. The
# "/bin/cat ...*" entries have the same wildcard problem as in N_CMD_1.
# "/data/sh/*.sh" is only as safe as the directory: confirm /data/sh and every
# script in it are root-owned and not writable by the users given this alias.
Cmnd_Alias   P_CMD_1 = /bin/cat /data/logs/*,/bin/cat /var/log/messages,/bin/cat /data/www/*,/bin/sh,/data/sh/*.sh
# P_CMD_2: edit one PHP file with vim, and run the php interpreter.
# NOTE(review): an editor and a script interpreter can both start other
# programs, so this grants far more than editing index.php. For the edit,
# sudoedit on that single path keeps the editor running as the calling user;
# /usr/bin/php should be limited to named scripts or dropped.
Cmnd_Alias   P_CMD_2 = /usr/bin/vim /data/www/cloud/index.php,/usr/bin/php


### User_Alias by sandy
# Role groups; each alias is bound to a command set in the "pri config" section.
# ADMINS has two members, omadmin and dev.
User_Alias   ADMINS = omadmin,dev
# NOTE(review): the four aliases below have no members. The sudoers grammar
# expects at least one entry in an alias list, so these lines would presumably
# be rejected as a syntax error; the account names look like they were removed
# for publication. Fill them in or delete the aliases and their rules, and
# check the result with "visudo -c" before installing the file.
User_Alias   CHUJIADMINS =
User_Alias   NETADMINS =
User_Alias   PROGRAMERS =
User_Alias   TMPWS =

###Runas_Alias by sandy
# SUUSER is the only run-as target used by the role rules, and it is root:
# every command those rules permit runs with full privileges.
Runas_Alias  SUUSER = root

## pri config
# Privilege rules, one per role alias. Every rule applies on ALL hosts and
# carries NOPASSWD, so no password is requested before the command runs.
# NOTE(review): with NOPASSWD on every rule, control of any listed account's
# session or SSH key is enough to use its sudo rights; requiring a password
# adds one more step an intruder has to clear.

# ADMINS (omadmin, dev): any command as any user.
ADMINS       ALL=(ALL)      NOPASSWD:ALL
# CHUJIADMINS: ALL as root, followed by the C_CMD_1 deny list; the NOPASSWD
# tag carries over to the entries after the comma.
# NOTE(review): "ALL, !something" cannot be enforced (see the sudoers manual
# on the "!" operator), so this is effectively the same grant as ADMINS.
CHUJIADMINS  ALL=(SUUSER)   NOPASSWD:ALL,C_CMD_1
# NETADMINS: the network tools and log reading in N_CMD_1, as root.
NETADMINS    ALL=(SUUSER)   NOPASSWD:N_CMD_1
# PROGRAMERS: P_CMD_1 as root.
# NOTE(review): P_CMD_1 contains /bin/sh, so this role has an unrestricted
# root shell regardless of the other entries.
PROGRAMERS   ALL=(SUUSER)   NOPASSWD:P_CMD_1
# TMPWS: P_CMD_2 (vim on one file, php) as root.
# NOTE(review): both programs can run arbitrary commands, so this temporary
# role is not meaningfully narrower than the admin roles.
TMPWS        ALL=(SUUSER)   NOPASSWD:P_CMD_2

本文出自 “我的运维之路” 博客,请务必保留此出处http://linuxpython.blog.51cto.com/10015972/1625392
