Ubuntu User Management sudo means super-user do, which allows the current user to temporarily execute this command as the administrator's identity root. Su is used to change the current user's, Su root, is to switch the current user to root, after using the SU root, all the following commands can not play sudo, because the current user is already administrator root. root user, that is, the system administrator has full permissions A user can only have one GID, but may also belong to other additional groups
Important profiles for user management: /ETC/PASSWD User name password bit UID attribution gid name $HOME Directory login shell/etc/shadow username encrypted password Password change information password Policy/etc/group group name password location GID Group User/etc/gshadow Group Group password related files, unimportant/etc/sudoers user name permission definition permission [/pre] You can use the Pwconv command to create shadow passwords and convert the passwords in/etc/passwd files to/etc/shadow files
Su [user name] Switch to another user, and switch to root user by default. Prompt password to switch user password-f fast switch, ignore profile-l login-m, p do not change environment variable-c < command > switch to execute command and exit switch
sudo [command] Executes the command as another user, by default as root. Prompt password for current user password-s switch to root shell-i switch to root shell, and initialize-u < username | Uid> execute Command's identity-l display my own permissions
passwd [user name] Set User password -D Clear Password-l lock user-e expire password, change password at next logon-s display password authentication information-x < days > password expiration, maximum use time-n < days > Frozen password, min. s change login shell-f change user Information sample: $passwdChanging Password for user (current) UNIX password: The original password enter new UNIX password: New password Retype the new UNIX password: confirm the password [/ Pre
Chsh [-S <shell>] [user name] Change Login Shell |
Default configuration for 1.sudo By default, Ubuntu provides a basic configuration for sudo, which is saved in the sudoers file in the/etc directory. When modifying this profile, be sure to use the Visudo tool for editing, because the tool automatically checks the configuration syntax and, if it finds an error, warns you when you save the exit, and prompts you which configuration is wrong, ensuring that the configuration file is correct. Conversely, if you use other text editing programs, the system can have serious consequences if you make an error. The following is the Ubuntu default/etc/sudoers file content: # User privilege Specificationroot all= (All) all# members of the admin group may gain root Privileges%admin all= (All) Below is a brief description of the above configuration: The first configuration is to allow the root user to use the sudo command to become any other type of user in the system. The second configuration stipulates that all members of the administrative group can execute all commands as root. Therefore, in the default installation of the Ubuntu system, if you want to execute as the root of the command, as long as the following command to follow the sudo. Here's an example to illustrate that if you want to perform apt-get update, you should type the following on the command line: $ sudo apt-get update 2. Detailed configuration file syntax Next, we use an example to explain the configuration syntax of the/etc/sudoers file in detail, see the following example: Jorge All= (Root)/usr/bin/find,/bin/rm The first column above stipulates its applicable object: User or group, in this case, it is user Jorge. In addition, because groups and users in the system can have duplicate names, the name of the group object must begin with a percent sign to specify that the applicable object of the rule is a group rather than a user. The second column specifies the applicable host for this rule. This column is especially useful when we deploy the sudo environment between multiple systems, where all represents all hosts. However, this column is replaced with the appropriate host name for the desktop system or if you do not want to deploy sudo to multiple systems. The value in the third column is enclosed in parentheses, indicating in what capacity the user in the first column is able to execute the command. In this case, the value is set to root, which means that the user Jorge be able to run the commands listed later as the root user. This value can also be set as a wildcard character all,jorge can be used as any user in the system to execute the listed commands. The last column (i.e./usr/bin/find,/bin/rm) is a comma-separated command table that can be run by the user specified in the first column as indicated in the third column. In this case, the configuration allows Jorge to run the/usr/bin/find and/BIN/RM commands as Superuser. It is important to note that the commands listed here must use absolute paths. How to use the 3.sudo command The question now is how the user Jorge to use the permissions assigned to him. It's really simple, just use the sudo command in command line mode Plus he wants to run the program on it, such as: jorge@ubuntu:~$ sudo find. ! -name ' *.avi '-exec rm-f \\{\\} \ \ n; If Jorge attempts to execute a program other than the/etc/sudoers file, such as Find or RM, the sudo command ends in failure with a warning message stating that he has no right to run the commands as Superuser. To run a command as a non-root user, you must use the-u option to specify the user you want to act on, otherwise sudo will default to root, for example, if you want to execute the LS command as Fred, you should: $ sudo-u Fred Ls/home/fred As you can see, we could use these rules to create specific roles for the system. For example, to have a group responsible for account management, you do not want these users to have full root access, on the other hand, they have the right to add and remove users, then we can create a group named accounts on the system, and then add those users to the group. Then use Visudo to add the following for/etc/sudoers:%accounts all= (Root)/usr/sbin/useradd,/usr/sbin/userdel,/usr/sbin/usermod Well now, any member of the Accounts group can run the Useradd, Userdel, and Usermod commands. If, after a while, you find that the role requires additional tools, just add it to the tail of the table. It's very convenient. It is important to note that when we define a command that can be run for the user, the full command path must be used. This is done entirely for security reasons, and if the command we give is simply userad rather than/usr/sbin/useradd, then it is possible for the user to create a script of his own, also known as Userad, and place it in its local path, so that he can pass the name Useradd's local script, as root to execute any command he wants. This is quite dangerous. Another handy feature of the sudo command is its ability to indicate which commands are not required to enter a password at execution time. This is useful, especially if you are running certain commands as Superuser in a non-interactive script. For example, to allow a user to execute a KILL command without having to enter a password as a superuser, so that users can instantly kill a runaway process. To do this, precede the command line with the NOPASSWD: property. For example, you can add the following line to the/etc/sudoers file to give Jorge access to this power: Jorge All= (Root) nopasswd:/bin/kill,/usr/bin/killall In this way, Jorge can run the following command, as root user to kill the runaway RM process. jorge@ubuntu:~$ sudo killall rm 6. How to enable the root account Through the above introduction, we found that sudo is really good, but if you have been accustomed to working under the root, want to reflect on the past feeling how to do it. Very simply, just set a root password for root: $ sudo passwd root OK, now you can just log in as root. |