给用户授权以root身份执行ls,touch,passwd命令,但是禁止修改root用户密码
通过visudo修改授权普通用户相关的权限 [root@lin ~]# visudo oldboy ALL=(ALL) /bin/ls, /bin/touch, /usr/bin/passwd, !/usr/bin/passwd root
登录普通用户,并试验结果 [root@lin ~]# su - oldboy [oldboy@lin ~]$ sudo passwd lin666 Changing password for user lin666. New password: BAD PASSWORD: it is too simplistic/systematic BAD PASSWORD: is too simple Retype new password: passwd: all authentication tokens updated successfully. [oldboy@lin ~]$ sudo passwd root [sudo] password for oldboy: Sorry, user oldboy is not allowed to execute '/usr/bin/passwd root' as root on lin.