Concepts related to Linux login & non-login shell and su and sudo

Source: Internet
Author: User

1. login & non-login shell

In Linux, the kernel creates the init process to perform a series of system initialization operations. When a user logs in to a shell, whether through a pseudo-terminal (ssh, a terminal under X11) or a tty console, the related shell configuration files are read. Linux has two types of shells in this respect: login and non-login:

Login shell: a shell that requires the complete login process is called a login shell. Complete means entering the user name and password. For example: logging in on the tty1-tty6 control terminals, or logging in remotely over ssh or another pseudo-terminal.

Non-login shell: a shell that does not require you to enter account information. For example, opening a pseudo-terminal under X11, or starting a shell child process from within a shell.

The difference between these two types of shells is which configuration files are read when the shell starts. Here we first introduce two configuration files, /etc/profile and ~/.bashrc. On Unix systems, these are the two shell environment configuration files you will encounter most often:

/etc/profile, at the top of the shell configuration files. This is the global setting of the system shell environment, such as PATH, MAIL and many other environment variables. Modifying it affects all users.

~/.bashrc, at the lowest level of the shell configuration files. This is the configuration file for each user's own shell environment. Most personal customization can be done directly in this file.

A login shell (bash) reads the following configuration files during login:

/etc/profile, global configuration

~/.bash_profile or ~/.bash_login or ~/.profile, personal configuration. There are three files because different shells may use different names; only one of them is read, in that order.

In fact, these two files are not the only ones read during login: /etc/profile itself includes other configuration files. For example, the content of this file on my ubuntu machine is as follows:

 

    # /etc/profile: system-wide .profile file for the Bourne shell (sh(1))
    # and Bourne compatible shells (bash(1), ksh(1), ash(1), ...).

    if [ "$PS1" ]; then
      # if the shell environment exists and is not sh, read /etc/bash.bashrc
      if [ "$BASH" ] && [ "$BASH" != "/bin/sh" ]; then
        # The file bash.bashrc already sets the default PS1.
        # PS1='\h:\w\$ '
        if [ -f /etc/bash.bashrc ]; then
          . /etc/bash.bashrc
        fi
      else
        if [ "`id -u`" -eq 0 ]; then
          PS1='# '
        else
          PS1='$ '
        fi
      fi
    fi

    # The default umask is now handled by pam_umask.
    # See pam_umask(8) and /etc/login.defs.

    # Read all .sh files in the /etc/profile.d directory
    if [ -d /etc/profile.d ]; then
      for i in /etc/profile.d/*.sh; do
        if [ -r $i ]; then
          . $i
        fi
      done
      unset i
    fi

The content of the ~/.profile file on my ubuntu machine is as follows. Finally, the shell reads the ~/.bashrc file.

    # ~/.profile: executed by the command interpreter for login shells.
    # This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
    # exists.
    # see /usr/share/doc/bash/examples/startup-files for examples.
    # the files are located in the bash-doc package.

    # the default umask is set in /etc/profile; for setting the umask
    # for ssh logins, install and configure the libpam-umask package.
    #umask 022

    # if running bash
    if [ -n "$BASH_VERSION" ]; then
        # include .bashrc if it exists
        if [ -f "$HOME/.bashrc" ]; then
            . "$HOME/.bashrc"
        fi
    fi

    # set PATH so it includes user's private bin if it exists
    if [ -d "$HOME/bin" ] ; then
        PATH="$HOME/bin:$PATH"
    fi

 

The process by which the login shell reads its configuration files (from: <> ):

A non-login shell (bash) reads only one configuration file when it starts: ~/.bashrc. The .bashrc file sometimes does not exist and you need to create it yourself. It can be customized without affecting other users.
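The read order described in this section can be turned into a small audit helper. The following is an added example, not part of the original article: startup_files lists the files read for a login or non-login shell, and loose_startup_files reports any of them that group or others can write to. Both function names and the ROOT prefix argument are invented for this example, and the helper does not follow files that are sourced from inside those files (such as /etc/profile.d/*.sh).

```bash
# Added example (not from the original article). startup_files and
# loose_startup_files are invented names; ROOT is a prefix for /etc that is
# empty on a live system and points at a scratch directory when testing.

# startup_files MODE HOME_DIR [ROOT]
# Print, in order, the files bash reads for MODE (login | non-login),
# following the rules described in the text above.
startup_files() {
    local mode="$1" home="$2" root="${3:-}" f
    case "$mode" in
    login)
        if [ -r "$root/etc/profile" ]; then echo "$root/etc/profile"; fi
        # Only the first readable file of these three is read.
        for f in .bash_profile .bash_login .profile; do
            if [ -r "$home/$f" ]; then echo "$home/$f"; break; fi
        done
        ;;
    non-login)
        if [ -r "$home/.bashrc" ]; then echo "$home/.bashrc"; fi
        ;;
    *)
        echo "usage: startup_files login|non-login HOME_DIR [ROOT]" >&2
        return 2
        ;;
    esac
}

# loose_startup_files MODE HOME_DIR [ROOT]
# Print the startup files that group or others can write to. Whoever can
# write such a file can run commands in this user's next shell.
loose_startup_files() {
    local f
    startup_files "$@" | while IFS= read -r f; do
        # -prune keeps find on the file itself; -perm -NNN is POSIX.
        find "$f" -prune \( -perm -020 -o -perm -002 \) -print
    done
}
```

For example, loose_startup_files login /root checks the files that a root login shell (su -) would read.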

2. su & sudo

Among the Linux distributions I use, ubuntu does not prompt you to set the root password during installation; only after entering the system can you set the root password through passwd in the shell. During fedora and centos installation, you must set the root password and create an ordinary user. We can see that Linux designers expect users to perform normal operations with lower permissions, which is based on security considerations.

However, in the shell environment, due to various work needs, we often need to switch user permissions; the most common case is obtaining the permissions of the root user. The most common commands for this are su and sudo.

 

su [-lc] [username]

-, -l, --login: use the login shell method to log in as username. If username is blank, the default is root. Without this option, the non-login method is used.

-c: run the command only once. The command must be enclosed in quotation marks.

Here we want to emphasize that the difference between su and su - comes down to the differences between login and non-login shells.

 

I think there are two reasons for the existence of the sudo command:

To use su to switch to the root user, all users need to know the root password, which is not safe.

Many times we switch to the root user only to execute a single statement. Although su -c can do this, an extra -c is required each time, and the root password is required each time.

The above two reasons are why sudo exists. Sudo allows users to obtain the permissions of other users by verifying their own passwords. Only the root user needs to configure /etc/sudoers. The content of my sudoers file is as follows:

 

    # User privilege specification
    root    ALL=(ALL:ALL) ALL

    # Members of the admin group can switch to any user to execute any command
    %admin  ALL=(ALL) ALL

    # Allow members of group sudo to execute any command
    %sudo   ALL=(ALL:ALL) ALL

    # The users group does not require a password to switch.
    %users  ALL=(ALL) NOPASSWD: ALL

    # allow guest to switch to all users in the samba_group group
    guest   ALL=(%samba_group:ALL) ALL

In sudoers, you can set a user with sudo permissions as follows:

 

 

Login account   source host name of the login user = (identities that can be switched to)   executable commands

The login account can be an individual, a group, or an alias. Add % in front of a group.

For aliases, each of the four components of the sudoers structure can be represented by an alias: User_Alias, Runas_Alias, Host_Alias, Cmnd_Alias

The naming format of each alias: Alias_Type NAME = item1, item2, .... The alias NAME must start with an uppercase letter and consist of uppercase letters, numbers, and underscores.

For example:

    User_Alias SBGROUP = user1, user2, user3
    SBGROUP ALL=(ALL) ALL

To ensure that the /etc/sudoers syntax is correct, we usually edit the file with visudo.
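The %users rule in the sudoers file shown earlier lets every member of that group run any command as any user without a password. The following added example, which is not part of the original article, scans sudoers text for rules of exactly that form; the names nopasswd_all and sample_sudoers are invented here, the sample is constructed from the rules on this page, and rules that list specific commands after NOPASSWD: are deliberately not flagged.

```bash
# Added example, not from the original article. nopasswd_all and
# sample_sudoers are names invented here.

# Constructed sample: the rules from the sudoers file shown earlier.
sample_sudoers() {
    cat <<'EOF'
# User privilege specification
root    ALL=(ALL:ALL) ALL
%admin  ALL=(ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
%users  ALL=(ALL) NOPASSWD: ALL
guest   ALL=(%samba_group:ALL) ALL
EOF
}

# nopasswd_all [FILE...]
# Print "LINE: WHO" for every rule whose command list is exactly
# NOPASSWD: ALL. Reads standard input when no FILE is given.
nopasswd_all() {
    awk '
        /^[ \t]*(#|$)/ { next }                        # comments, blank lines
        $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }    # settings and aliases
        {
            spec = $0
            sub(/^[^=]*=/, "", spec)       # drop "WHO HOST ="
            gsub(/[ \t]/, "", spec)        # ignore spacing
            sub(/^\([^)]*\)/, "", spec)    # drop the "(runas)" part
            if (spec == "NOPASSWD:ALL") print NR ": " $1
        }
    ' "$@"
}
```

Running sample_sudoers | nopasswd_all reports the %users rule with its line number.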
