Sudo command: if you use a Linux Command, the following error occurs: sudolinux

Source: Internet
Author: User

Sudo command: if you use a Linux Command, the following error occurs: sudolinux

Have you ever received the "Permission denied" error message when running Linux commands? This may be because you are trying to perform an operation that requires the root permission. For example, the following shows the errors that occur when I try to copy a binary file to a system directory.

Shell Access Denied

How can this problem be solved? Simple: Use the sudo command.

Run commands with sudo

After you run this command, you will be prompted to enter your logon password. Once the correct password is entered, the operation will be successful.

There is no doubt that sudo is a command that anyone who uses command lines on Linux must know. However, to use this command more responsibly and effectively, you still need to know the relevant (and in-depth) details. This is exactly what we will discuss in this article.

Before proceeding, it is worth mentioning that all command instructions mentioned in this article have passed the test in Bash 4.3.11 of Ubuntu 14.04 LTS.

What is sudo?

As most of you know, sudo is used to execute commands that require elevation of permissions (usually as root users. This example has been discussed in the introduction section before this article. However, if you want to, you can use sudo to run commands with other (non-root) users.

This is implemented by the-u command line option provided by the tool. For example, as shown in the following example, I (himanshu) tried to rename a file in the Home directory of another user (howtoforge, however, an error "Access Denied" is returned. Then I added sudo-u howtoforge and used the same "mv" command. The command was successfully executed:

What is sudo?

Can anyone use sudo?

No. A user must be able to use sudo. There should be a piece of information related to this user in the/etc/sudoers file. The following section from the Ubuntu website makes it clearer:

The/etc/sudoers file controls who can run commands on which machine as the identity of which user, and special circumstances, such as whether to enter a password for a specific command. This file consists of the alias aliases (basic variable) and user identification user specifications (control who can run what command.

If you are using Ubuntu, it is easy for a user to run the sudo command: All you need to do is change the Account type to administrator. This can be done directly in System Settings> User Account Accounts.

Sudo user

First, unlock the window:

Unlocking window

Then select the user you want to change the user type, and change the type to administrator.

Choose sudo accounts

However, if you do not use Ubuntu or your release does not provide this feature, you can manually edit the/etc/sudoers file to achieve this change. To add such a line to the file:

[user]    ALL=(ALL:ALL) ALL

[User] should be replaced by the user name of the user you want to escalate sudo permissions. One important thing worth mentioning here is that the official recommendation is to use the mongodo command to edit the file-what you need to do is to run the following command:

sudo visudo

To clarify what is going on, here is a summary from the mongodo manual:

Mongodo edits the sudoers file in safe mode. Mongodo locks the sudoers file to prevent multiple edits at the same time. It provides basic checks (sanity checks) and syntax error checks. If the sudoers file is being edited, you will receive a message prompting you to try again later.

For more information about mongodo, visit here.

What is a sudo session?

If you often use the sudo command, you must have noticed that after you successfully enter the password, you do not need to enter the password to run the sudo command several times. However, after a while, the sudo command will ask for your password again.

This phenomenon is not related to the number of running sudo commands, but to time. Yes, sudo does not require the password again within 15 minutes after one password is entered by default. After 15 minutes, you will be asked to enter the password again.

However, if you want to, you can change this phenomenon. Run the following command to open the/etc/sudoers file:

sudo visudo

Find this line:

Defaults env_reset

Env_reset

Then add the following variables at the end of the line:

Defaults env_reset,timestamp_timeout=[new-value]

[New-value] indicates the duration of the sudo session. For example, set the value to 40.

Sudo timeout value

If you want to enter a password every time you use the sudo command, you can assign this variable to 0. If you want a sudo session to never expire, the value should be-1.

Note that it is strongly not recommended to assign the value of timestamp_timeout to "-1.

Sudo Password

You may have noticed that when sudo requires a password and you start to enter it, nothing will be displayed-or even no regular asterisks. Although this is not a big problem, some users want to display asterisks.

The good news is that it may also be easy to do. All you need to do is to put the following lines in the/etc/sudoers file:

Defaults env_reset

Change

Defaults env_reset,pwfeedback

Save the file.

The asterisk is displayed whenever you enter the sudo password.

Hide the sudo password

Important sudo command line parameters

In addition to the-u command line parameters (which we have discussed at the beginning of this tutorial), there are other important sudo command line parameters worth noting. In this section, we will discuss some of them.

-K parameter

Consider this situation: after entering the password, you just run several sudo driver commands. As you know, sudo sessions are maintained for 15 minutes by default. Suppose you want some people to access your terminal during this session, but you don't want them to use sudo. What will you do?

Fortunately, the-k Command Line Parameter allows the user to cancel the sudo permission. This is what the sudo help page explains:

-K, -- reset-timestamp

Revoke the user's cached creden。 without any command. In other words, the next time you use sudo, you will be asked to enter the password. You do not need a password to use this parameter. You can also put it in A. logout file to revoke the sudo permission.

When used together with a command or a password operation, this parameter will cause sudo to ignore user cached creden. The result is that sudo requires a password (if this is required by the security policy) and does not update the user's cached creden.

-S Parameters

Sometimes your work requires you to run a bunch of commands that require root permissions. You don't want to enter the password every time. You do not want to adjust the expiration time of a sudo session by changing the/etc/sudoers file.

In this case, you can use the-s parameter of sudo. The sudo help page explains this:

-S, -- shell

If the SHELL environment variable is set or the user's password database is called to specify a shell, run the shell. If a command is specified, the command is passed to the shell for execution through the shell-c parameter. If no command is specified, an interactive shell is executed.

Therefore, basically the command parameters are as follows:

Start a new shell. If $ SHELL is empty, the shell defined in/etc/passwd will be used.
If you use the-s parameter to pass a command name (such as sudo-s whoami), sudo/bin/bash-c whoami is actually executed.
If you have not tried other commands (that is, you just want to run sudo-s), you will get an interactive shell with root permissions.

Remember, the-s command line parameter gives you a shell with the root permission, but it is not the root environment-or you can execute your own. bashrc. For example, in the new shell run by sudo-s, if you run the whoami command, your user name will still be returned instead of the root user.

-I Parameters

The-I parameter is similar to the-s parameter we have discussed. However, there is a difference. An important difference is that I gives you a root environment, which means that your (User). bashrc is ignored. This is like a root user without explicitly logging on with the root user. In addition, you do not need to enter the root user password.

Important: note that the su command also allows you to switch users (default switch to root ). You need to enter the root password for this command. To avoid this, you can use sudo to execute it (sudo su) so that you only need to enter your login password. However, there is an implicit difference between su and sudo su-to understand them and their differences with sudo-I, please refer to here.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.