Comparison of su and sudo commands in CentOS

In CentOS, because the root permission is too large, it is generally not used. You can only log on to the root user to execute management tasks in some special circumstances. Generally, the su and sudo commands are used for temporary root permissions. I. Comparison of su and sudo commands: after a common user enters the su command, the system will prompt the user to enter the password of the root account, and then enter the privileged mode (exactly the same as using root to log on to the system ), enter exit or s

In CentOS, because the root permission is too large, it is generally not used. You can only log on to the root user to execute management tasks in some special circumstances. Generally, the su and sudo commands are used for temporary root permissions.

I. Comparison of su and sudo commands:

After entering the su command under a common user, the system will prompt you to enter the password of the root account, and then enter the privileged mode (exactly the same as logging on to the system using the root account). enter exit or su-user to exit:

$ Su

Password:

# Ls/root

Anaconda-ks.cfg install. log install. log. syslog

# Exit

$ Ls/root

Ls: cannot open directory/root: Permission denied # prompt no Permission [Linux community http://www.linuxidc.com]

With the sudo command, you only need to enter the password of the current user (or you can configure it to do not enter the password) to execute the command that requires the root permission:

$ Ls/root

Ls: cannot open directory/root: Permission denied # the system prompts you that you do not have the Permission.

$ Sudo ls/root

We trust you have got ed the usual lecture from the local System

Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.

#2) Think before you type.

#3) With great power comes great responsibility.

[Sudo] password for Oracle: # enter the oracle password of a common user

Anaconda-ks.cfg install. log install. log. syslog

Through the comparison above, we can see that sudo has many advantages over su:

1. normal users can execute commands that require root permissions without knowing the root password;

2. do not use the root command to execute destructive commands because you forget to exit (this error is often made by linux beginners );

 

2. configure normal users with the permission to use the sudo command:

In linux, the new user does not have the sudo permission. for example, if you create an AAA user, enter the sudo command with the following prompt:

Aaa is not in the sudoers file. This incident will be reported.

This statement means that the user aaa does not exist in the sudoers file, and the time will be reported to the administrator.

Now that we know the problem is in the sudoers file, let's take a look at the file's sacredness:

[Root @ dbs aaa] # vi/etc/sudoers

# Sudoers allows particle users to run various commands

# The root user, without needing the root password.

##

# Examples are provided at the bottom of the file for collections

# Of related commands, which can then be delegated out to particle

# Users or groups.

##

# This file must be edited with the 'Usually do 'command.

# Host Aliases

# Groups of machines. You may prefer to use hostnames (perhaps using

# Wildcards for entire domains) or IP addresses instead.

# Host_Alias FILESERVERS = fs1, fs2

# Host_Alias MAILSERVERS = smtp, smtp2

# User Aliases

# These aren't often necessary, as you can use regular groups

# (Ie, from files, LDAP, NIS, etc) in this file-just use % groupname

# Rather than USERALIAS

# User_Alias ADMINS = jsmith, mikem

Enter I and edit the file. a read-only prompt is displayed at the bottom of the file:

-- INSERT -- W10: Warning: Changing a readonly file

There should be no permission to view the permission after exiting the editing status:

[Root @ dbs aaa] # ll/etc/sudoers

-R -- r -----. 1 root 3825 Jul 22 0:05/etc/sudoers

It turns out that root has only the read-only permission. it is no wonder that you must first modify the permission so that root has full control permissions:

[Root @ dbs aaa] # chmod 740/etc/sudoers

Edit again. The read-only prompt is not displayed this time. find the following field:

# Allow root to run any commands anywhere

Root ALL = (ALL) ALL

Oracle ALL = (ALL) ALL

Aaa ALL = (ALL) ALL

Add an aaa user, such as aaa ALL = (ALL) ALL

After modification, enter wq to save the modification. after saving the modification, remember to change the permission back. Otherwise, an error message is displayed.

# Chmod 440/etc/sudoers

The permission must be 440. Otherwise, an error message is displayed.

OK. The sudo command can be used normally under the aaa user.


(End)