The ultimate goal to be achieved:
1. Ordinary users can use sudo, but they do not need to enter the password every time.
2. Ordinary users cannot modify passwords of other accounts.
A Baidu search said this could be implemented by modifying the /etc/sudoers file, but because it is a bit complicated, I am not sure after reading it. I have two questions:
root ALL=(ALL) ALL
# 1. test1 is equivalent to the root account
test1 ALL=(ALL) ALL
# 2. Give account test2 all the operation rights except modifying other account passwords
test2 ALL=(root) ALL, ! /usr/bin/passwd [A-Za-z]*, ! /usr/bin/passwd root
# 3. If you don't want to verify the password every time you use sudo, timestamp_timeout=-1 means that you only need to verify the password once, and then the system will automatically remember it. runaspw needs the root password. If you don't add the default, you need to enter the password of the ordinary account:
Defaults:test1,test2 timestamp_timeout=-1,runaspw
Note point 2:
test2 ALL=(root) ALL
and
test2 ALL=(ALL) ALL
What's the difference? In other words, root in brackets is changed to ALL.
Note point 3: what is runaspw? Baidu did not have much content.
Is there any need to modify the approach in the sudoers file above?
This means that the user can execute command C as user B on host A.
The user can execute any command as any user anywhere.
The user can execute any command as root anywhere.
By default, you need to enter the root password to run the command, not the password of the current user, so this setting is normally turned off.
Enter the password once and it is not verified again until restart; you can also set an approximate time. This setting is no different from using the root user.
Or on the Linux command line:
man 5 sudoers
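To make the difference between `(root)` and `(ALL)` and the effect of the `!` entries concrete, here is an added example that is not part of the original question or answer: a simplified Python model of how the two rules from the question are evaluated. The function names and the sample commands and `www-data` account are assumptions for illustration; the model ignores hosts, aliases and Defaults and is not sudo's own parser.

```python
import fnmatch

# Rules copied from the question; everything else here is a simplified model.
RULES = [
    "test1 ALL=(ALL) ALL",
    "test2 ALL=(root) ALL, ! /usr/bin/passwd [A-Za-z]*, ! /usr/bin/passwd root",
]

def parse_spec(line):
    """Split 'user host=(runas) cmd, cmd, ...' into its four parts."""
    who, rest = line.split(None, 1)
    host, rest = rest.split("=", 1)
    rest = rest.strip()
    runas = "root"  # sudoers default when no (runas) list is written
    if rest.startswith("("):
        runas, rest = rest[1:].split(")", 1)
    cmds = []
    for item in rest.split(","):
        item = item.strip()
        cmds.append((item.startswith("!"), item.lstrip("! ")))
    return who, host.strip(), runas.strip(), cmds

def allowed(line, user, runas, command):
    """True if `user` may run `command` as `runas` under this one rule."""
    who, _host, spec_runas, cmds = parse_spec(line)
    if who != user or spec_runas not in ("ALL", runas):
        return False
    cpath, _, cargs = command.partition(" ")
    verdict = False
    for negated, pattern in cmds:
        path, _, args = pattern.partition(" ")
        if pattern == "ALL":
            hit = True
        elif args:  # args in the rule are matched as one wildcard string
            hit = path == cpath and fnmatch.fnmatchcase(cargs, args)
        else:       # no args in the rule: any arguments are accepted
            hit = path == cpath
        if hit:
            verdict = not negated  # the last matching entry wins
    return verdict

if __name__ == "__main__":
    for rule in RULES:
        user = rule.split()[0]
        # Constructed sample requests: (target user, command line)
        for runas, cmd in [("root", "/usr/bin/id"), ("www-data", "/usr/bin/id"),
                           ("root", "/usr/bin/passwd test1")]:
            print(user, runas, cmd, allowed(rule, user, runas, cmd))
```

The sudoers manual cautions that subtracting commands from ALL with `!` is generally not effective, so an explicit list of permitted commands is the more reliable way to meet goal 2.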