Running commands with root permission on Ubuntu: the sudo and su commands for Ubuntu user management
sudo stands for "super-user do". It allows the current user to temporarily run a single command as the administrator.
su is used to change the current user. su root switches the current user to the root user. After su root, sudo can be omitted from all the commands that follow, because the current user is already the administrator, root.
root
The root user is the system administrator and has all permissions.
A user can have only one GID, but can also belong to other additional groups.
Important configuration files for user management:
    /etc/passwd    username, password field, UID, primary GID, name, home directory, login shell
    /etc/shadow    username, encrypted password, password change information, password policy
    /etc/group     group name, password field, GID, users in the group
    /etc/gshadow   file related to the group password, which is not important
    /etc/sudoers   user name, permission definition
The pwconv command can be used to create the shadow passwords: it converts the passwords in the /etc/passwd file to the /etc/shadow file.
su [user name]
Switch to another user. By default, switch to the root user. The password prompted for is the password of the user being switched to.
    -f             fast switch, ignoring the configuration files
    -l             log on again
    -m, -p         do not change the environment variables
    -c <command>   after switching, execute the command and then exit the switch
sudo [command]
Execute commands as another user. By default, commands are executed as root. A password is prompted for before switching.
    -s                    switch to a root shell
    -i                    switch to a root shell and initialize it
    -u <username | uid>   identity to execute the command as
    -l                    display your permissions
passwd [user name]
Set the user's password.
    -d          clear the password
    -l          lock the user
    -e          expire the password, so that it must be changed at the next login
    -S          display password authentication information
    -x <days>   password expiration, maximum use time
    -n <days>   freeze password, minimum use time
    -s          change the login shell
    -f          change user information
Example:
    $ passwd
    Changing password for user
    (current) UNIX password: original password
    Enter new UNIX password: new password
    Retype new UNIX password: confirm new password
chsh [-s <shell>] [user name]
Change the login shell.
1. Default sudo Configuration
Ubuntu provides a basic configuration for sudo, saved in the sudoers file under the /etc directory. When modifying this configuration file, be sure to use the visudo tool. It automatically performs a strict check on the configuration syntax. If an error is found, it gives a warning when you save and exit, and shows which line of the configuration is wrong, which ensures the correctness of the configuration file. If other text editing programs are used instead, an error may cause serious consequences for the system. The default content of the /etc/sudoers file on Ubuntu is:
    # User privilege specification
    root    ALL=(ALL) ALL
    # Members of the admin group may gain root privileges
    %admin  ALL=(ALL) ALL
The following is a brief description of the above configuration:
The first rule allows the root user to use the sudo command to become any other user in the system. The second rule specifies that all members of the admin group can execute all commands as root. Therefore, on a default Ubuntu system, to execute a command as root you only need to put the command to be executed after sudo. For example, to execute apt-get update, type the following on the command line:
    $ sudo apt-get update
2. Configuration File Syntax explanation
Next, we will use an example to explain the configuration syntax of the /etc/sudoers file in detail. See the following rule:
    jorge ALL=(root) /usr/bin/find, /bin/rm
The first column specifies the user or group the rule applies to. In this example it is the user jorge. Because a group and a user in the system can have the same name, the name must start with a percent sign (%) to specify that the rule applies to a group rather than a user.
The second column specifies the hosts the rule applies to. This column is particularly useful when we deploy the sudo environment among multiple systems. Here ALL represents all hosts. However, if you do not want to deploy sudo on a desktop or multiple systems, replace this column with the corresponding host name.
The value in the third column is enclosed in parentheses and indicates the identity under which the user specified in the first column executes the commands. In this example the value is set to root, which means that the user Jorge can run the commands listed after it as the root user. This value can also be set to the wildcard ALL, in which case Jorge can execute the listed commands as any user in the system.
The last column (/usr/bin/find, /bin/rm) is a comma-separated list of commands. These commands can be run by the user specified in the first column under the identity given in the third column. In this example, the configuration allows Jorge to run the /usr/bin/find and /bin/rm commands as a superuser. Note that the commands listed here must use absolute paths.
3. How to Use the sudo command
Now the question is, how can the user Jorge use the permissions assigned to him? It is very simple. He only needs to type sudo on the command line, followed by the program he wants to run, for example:
    jorge@ubuntu:~$ sudo find . ! -name '*.avi' -exec rm -f \{\} \;
If Jorge tries to run a program that is not listed for him in the /etc/sudoers file (that is, anything other than find or rm), the sudo command fails and gives a warning indicating that he is not authorized to run that command as a superuser.
To run commands as a non-root user, you must use the -u option to specify the user. Otherwise, sudo uses the root user by default. For example, to run the ls command as fred:
    $ sudo -u fred ls /home/fred
As you can see, we can use these rules to create specific roles for the system. For example, suppose you want a group to be responsible for account management, but you do not want these users to have full root access. They must have the right to add and delete users, so we can create a group named accounts on the system and add those users to it. Then use visudo to add the following to /etc/sudoers:
    %accounts ALL=(root) /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/usermod
Now all the members of the accounts group can run the useradd, userdel, and usermod commands. If you find after a while that the role requires other tools, you just need to add them at the end of the list. This is really convenient!
Note that the complete command path must be used when you define the commands that users can run. This is purely a security consideration. If the command we gave were just useradd rather than /usr/sbin/useradd, the user could create his own script, also named useradd, put it in his local path, and through that local useradd script execute any command he wants as root. This is quite dangerous!
Another convenient feature of the sudo command is that it can specify which commands do not require a password when executed. This is useful especially when running some commands as a superuser in non-interactive scripts. For example, you may want to let a user run the kill command as a superuser without entering a password, so that he can immediately kill a runaway process. To do this, add the NOPASSWD: attribute in front of the command list. For example, you can add the following so that Jorge obtains this privilege:
    jorge ALL=(root) NOPASSWD: /bin/kill, /usr/bin/killall
In this way, Jorge can run the following command to kill an out-of-control rm process as the root user:
    jorge@ubuntu:~$ sudo killall rm
6. How to enable the root account
Through the above introduction, we have seen that sudo is indeed very useful. But if you have long been used to working as root, what should you do to go back to the old way? Simply set a password for the root user:
    $ sudo passwd root
Now you can log on directly as the root user.
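
Whether the root account has been enabled this way is visible in /etc/shadow, as are the states left by the passwd options listed earlier (-d, -l, -e, -n, -x). The following Python code is an added example, not part of the original article; the function names and the sample entries are constructed for illustration, and it works on the text of the two files, assuming the standard colon-separated field layout.

```python
def parse_shadow(text):
    """Map user name -> password state and ageing fields from /etc/shadow lines."""
    users = {}
    for line in text.splitlines():
        f = line.split(":")
        if len(f) < 5:
            continue  # not a shadow entry
        if f[1] == "":
            state = "empty"    # no password at all, as left by passwd -d
        elif f[1][0] in "!*":
            state = "locked"   # matches no hash; passwd -l prefixes "!"
        else:
            state = "hash"     # a usable password is set
        users[f[0]] = {
            "state": state,
            "must_change": f[2] == "0",               # as set by passwd -e
            "min_days": int(f[3]) if f[3] else None,  # passwd -n
            "max_days": int(f[4]) if f[4] else None,  # passwd -x
        }
    return users

def findings(passwd_text, shadow_text):
    """Flag root logon being enabled, extra UID 0 accounts and empty passwords."""
    shadow = parse_shadow(shadow_text)
    out = []
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) != 7:
            continue  # /etc/passwd entries have exactly seven fields
        name, uid = f[0], f[2]
        state = shadow.get(name, {}).get("state")
        if name == "root" and state == "hash":
            out.append("root: password set, direct root logon possible")
        if uid == "0" and name != "root":
            out.append(f"{name}: UID 0 outside the root account")
        if state == "empty":
            out.append(f"{name}: empty password field")
    return out

# Constructed sample data; the hash strings are placeholders, not real hashes.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
jorge:x:1000:1000:Jorge:/home/jorge:/bin/bash
fred:x:1001:1001:Fred:/home/fred:/bin/bash
"""
SHADOW = """\
root:$6$PLACEHOLDER$hash:19000:0:99999:7:::
jorge:!$6$PLACEHOLDER$hash:19000:0:90:7:::
fred::0:1:99999:7:::
"""
```

On a real system, pass in the contents of /etc/passwd and /etc/shadow; reading the latter requires root. Running passwd -l on root, the lock option listed earlier, returns its entry to the locked state.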