减少root 的登入 ： sudo

还是先看一下sudo 的配置文件：

/etc/sudoers

root@a05scpgapp01/etc>cat sudoers  
#s file MUST be edited with the 'visudo' command as root.
# Failure to use 'visudo' may result in syntax or file permission errors
# that prevent sudo from running.
#
# See the sudoers man page for the details on how to write a sudoers file.
#
 
# Host alias specification
 
# User alias specification
User_Alias      U_SYSADMIN_AIX = aaa, bbb, ccc  (specify the login user and user sudo command)
 
# Cmnd alias specification
Cmnd_Alias      C_AIX_COMMANDS_SET1 = /usr/bin/ls,/usr/bin/cat,/usr/bin/showmount,/usr/bin/find,/usr/bin/du,/usr/bin/tar,/usr/bin/gzip,/usr/bin/compress,/usr/bin/uncompress,/usr/bin/gunzip,/usr/bin/nohup,/usr/bin/dsmc,/usr/bin/dsmadmc,/usr/bin/dsmcad,/opt/tivoli  (specify the indirect command afer sudo which can be used)
 
Cmnd_Alias      SUDOSUDO = /usr/local/bin/sudo,/usr/bin/sudo  (specify the sudo installed path)
# Defaults specification
 
# Runas alias specification
Runas_Alias     U_FUNCTION_SA = ibmsa, sudouser  (sudo login brigde ID, exmple： sudo -u sudouser su -)
 
# User privilege specification
root    ALL=(ALL) ALL
U_SYSADMIN_AIX ALL=(ALL) NOPASSWD:C_AIX_COMMANDS_SET1
U_SYSADMIN_AIX ALL=(U_FUNCTION_SA) NOPASSWD:/usr/bin/su
 
# Uncomment to allow people in group wheel to run all commands
# %wheel        ALL=(ALL) ALL
 
# Same thing without a password
# %wheel        ALL=(ALL) NOPASSWD: ALL
 
# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h now
ALL ALL=!SUDOSUDO
#logging
Defaults syslog=auth
Defaults log_year, logfile=/var/log/sudo.log
root@a05scpgapp01/etc>

--------------------------------

When I used my personal Id to test:
error:
sudo not find:

solution:
Add the "path" into the personal ID path:
vi /home/id/.profile
add : /usr/local/bin to PATH
export PATH

make the .profile take effect: . .profile

 

sudo 对安全性还是很有好处的，对于login 的记录，可以看/var/log/sudo.log