Applications of Su and sudo

A, SU (switch user), can temporarily change the current user, it will allow users to change the identity of the login. By using Su to change identities, the working directory is not changed by default, but environment variables such as home,shell,user,logname are changed.

Common options

"-C": After executing the specified command, the original identity is restored, that is, exit.

"": Changing the identity is, does not change the working directory, does not use the citation to switch the target user's environment variable.

"-": Changing the identity, also changing the working directory, will refer to switch the target user's environment variables.

Second, sudo is used to designate a user to run a program in some way.
sudo allows the user to execute the specified command as a different identity, with the default identity as root.
The user who can execute the sudo command is set in/etc/sudoers.
The file needs to be opened with a special command #visudo, which can check the file for syntax errors.
The syntax format for the sudo statement defined in/etc/sudoers is:
Who Where= is explained as
Who can execute what commands on those hosts as to whose identity.
Example: Tom 192.168.0.1= (Root)/usr/bin/useradd,...,...,
Where who,where, what can be defined as a group, respectively, are called user groups, host groups, identities, and command groups. Their grammatical format is.
Keyword Group name (all uppercase) = Group member, member within Group,.....
Define user groups
User_alias Usergname = Username,username
Where Suername accepted is represented by: A, user name
B,%groupname System user group name
C, +netgroup Net Group
D, otheruser_alias other groups.

Defining host Groups
Host_alias hostgname = HostIP,..,.....
HostIP accepted is represented by: A, HOSTNAME host name
B, ip_addr IP address
C, Network (/NETMASK) address
D, otherhostgname other host group

Defining Run identities
Runas_alias Rungname = Runusername
Runsuername accepted is represented by: A, #uid uid
B,%group as the system group identity
C, all as the identity of all
Defining command Groups
Cmmd_alias Cmmgdname = Commad,commad ...
The command format accepted by Commad is: The full path of a,/DIR/TO/COMMD command
B,/DIR/TO/COMMD ARG plus parameter
C,/dir commands in the entire directory
Passwd,nopasswd,! can be used in command groups
Where passwd indicates that all commands after the label are executed with sudo enter the password.
NOPASSWD indicates that all subsequent commands for the label do not have to be entered
“！ "indicates that the command cannot be executed
There are syntax formats and examples in sudoers. Can be viewed with #man sudoers

Sudo-i switch users, and change the working directory, the corresponding environment variables to load;
Sudo-s switch users, do not change the working directory, the corresponding environment variables do not load.

Applications of Su and sudo