User management in Ubuntu (5) grant system administrator privileges to regular users

Source: Internet
Author: User
Tags parse error superuser permission
User management in Ubuntu (5) grant regular user system administrator permissions Related links: Ubuntu User Management (a) user account OS /201207/143927.html?ubuntuin user management (2) Group management OS /201207...
User management in Ubuntu (5) grant system administrator privileges to regular users: User management in Ubuntu (1) user account ; User management in Ubuntu (2) Group management ; User management in Ubuntu (3) User Management ; User management in Ubuntu (4) password management Running commands with super user permissions usually involves two situations: (1) you have a super user account (enabled by the root account) and a regular user account; (2) you are not a regular user but do not have the permissions of super users (this often happens to the primary and middle-level system administrators in large multi-user networks ). Let's take a look at these two situations: (1) the su command temporarily changes the user identity in this case, you need to enable the super user account (which is disabled by default in Ubuntu ). When the root account is enabled, you can use the sudo passwd command. Then you can run the su command to enter the root user. The format of the su command is as follows: su option username arguments uses the su command separately. you become the root user, but the environment variables of your original regular user are still retained, your current directory will not change. When you use the su-command, you become the root user and inherit the environment variable of the root user to become another user, you must specify the user name in the command line: if su-other_user wants to return to your original user identity, use the exit command. When you want some users to execute commands that require super user permissions, you can tell them the root user's password and they can use the su command to enter the root user and execute the corresponding commands. (2) The sudo command grants the superuser permission. sudo is used in combination with the command. The sudo command format is as follows: sudo command when you enter the preceding command, sudo checks the/etc/sudoers file to check whether the user is authorized to obtain the superuser permission. If possible, the user will be prompted to enter the password of the user, and then the command will be executed, just as the root user executes the command. When using the sudo command within 15 minutes during the default setting of Ubuntu, do not enter the password again. If an unauthorized user uses the sudo command, the record is saved in the system log and notified to the Super User. There are three man pages related to sudo: sudo, sudoers, and mongodo. The first is about the sudo command itself, the second is about the/etc/sudoers file, and the third is to use a text editor to edit the/etc/sudoers file. You need to use a special edit command because it will check the file's parse error and lock the file to prevent others from editing. The do command uses the vi editor. The/etc/sudoers file is as follows: # This file MUST be edited with the 'Usually do 'command as root. # Please consider adding local content in/etc/sudoers. d/instead of # directly modifying this file. # See the man page for details on how to write a sudoers file. # Defaults env_resetDefaults secure_path = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin: $ # Host alias specification # User alias specification # Cmnd alias speci Fication # User privilege specificationroot ALL = (ALL: ALL) ALL # Members of the admin group may gain root privileges % adminALL = (ALL) ALL # Allow members of group sudo to execute any command % sudo ALL = (ALL: ALL) ALL # See sudoers (5) for more information on "# include" directives: # includedir/etc/sudoers. the basic form of a sudoers row in the d file is as follows: user host_computer = command this user can be a separate user or a group (% before the group ). Generally, host_computer includes ALL hosts, or localhost only includes local hosts. The command in the sudoers line can be ALL, including ALL special commands, or a subset of ALL commands (it will be added before a command that cannot be used !). Sudoers man page will provide detailed information. Here are just a few simple examples: If we add row % wheel ALL = (ALL) NOPASSWD: ALL, then any user added to the wheel group will be able to execute any command without entering a password. Suppose we want to give sunny the user the permission to add the user to the graphic interface across the network, we can add the following line: sunny ALL =/users-admin or we only want sunny to have this permission on her PC: sunny =/usr/bin/users-admin if we want to authorize the editors Group to delete files without a password, we can use: % editors ALL = NOPASSWD: /bin/rm if we want to grant each user permission to mount the CD drive without a password on the current host, we can use: ALL localhost = NOPASSWD: /sbin/mount/dev/cd0/mnt/cdrom/sbin/umount/mnt/cdrom the following command will output the list of commands authorized by the current user: sudo-l someone may mistakenly think that the su command is short for super user, In fact, su is written by substitute user. Another important difference is the difference between the command su and the command su-. The former gives you the identity of a new user but retains the environmental variables (such as path) of your original user ), the latter inherits the environment variables of new users. For example, when you use the su command to change to the super user root, you do not inherit the super user's environment variable/bin or/sbin, so you must enter the full path of the command to execute it, otherwise, the system will not find the command you want to execute. In Ubuntu, the first user to be created is classified as root, although the real root user is disabled by default. If you want other users to obtain full permissions of the root user through the sudo command, you can add this user to the admin group. Author lqhbupt
Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.