Go to Ubuntu and run the root permission commands-sudo and Su commands

Source: Internet
Author: User
Tags root access
Go to Ubuntu and run the root permission command-sudo and Su commands for Ubuntu user management

Sudo refers to super-user do, which allows the current user to temporarily run this command as the administrator.

Su is used to change the current user. Su root is used to switch the current user to the root user. After Su root is used, all the following commands can be skipped, because the current user is already the administrator root.

Root
The user is the root user, that is, the system administrator.

All Permissions
A user can have only one GID

But it can also belong to other additional groups.

Important configuration files managed by users:
/Etc/passwd username and password bit uid attribution GID name $ home directory
Login Shell/etc/shadow username encrypted password change information password policy/etc/group name password bit GID
Users in the group/etc/gshadow file related to the group password, which is not important./etc/sudoers user name permission definition permission [/PRE] pwconv can be used

Command to create the shadow password, set/etc/passwd

Convert the password in the file to/etc/shadow

File

Su [user name]




Switch to another user. By default, switch to the root user. The system prompts that the password will be switched to the user password-F to quickly switch, ignore the configuration file-l re-log on to-M,-P does not change the environment variable-C <command> after switching, execute the command, and exit Switch



Sudo [command]



Execute commands as other users. By default, commands are executed as root. Prompt password to switch-s to root
Switch shell-I to root shell, and initialize-u <username | uid> Command Execution identity-l display your Permissions


Passwd [user name]



Set User Password

-D. Clear the password.
-L lock user-e to expire the password. Change Password-s at next login to display password authentication information-x <days> password expiration, maximum use time-n <days> freeze password, minimum use time-s to change logon shell-F to change user information

Example:
$ Passwdchanging password for user (current) Unix
Password: original Password enter new Unix Password: New Password retype new Unix Password:
Confirm new password [/PRE

CHSH [-S <shell>] [user name]



Change logon Shell

1. Default sudo Configuration

During the authentication, Ubuntu is
Sudo provides a basic configuration, which is saved in the sudoers file under the/etc directory. When modifying this configuration file, be sure to use the mongodo Tool
The tool automatically performs a strict check on the configuration syntax. If an error is found, a warning is given when saving and exiting the tool, and a prompt is displayed indicating which configuration has an error, this ensures the correctness of the configuration file. On the contrary,
If other text editing programs are used, an error may cause serious consequences to the system. The following describes the default/etc/sudoers file content of Ubuntu :#
User Privilege specificationroot all = (all) All # Members of the Admin
Group may gain root privileges % admin all = (all) All

The following is a brief description of the above Configuration:

The
The role of a configuration is to allow the root user to use The sudo command to become any other type of user in the system. The second configuration requires that all Members in the Management Group can execute all their lives as root.

. Therefore, in the default Ubuntu system, to execute commands as root, you only need to keep up with the commands to be executed after sudo. The following is an example.
If you want to execute apt-Get update, type the following content in the command line: $ sudo apt-Get update

2. Configuration File Syntax explanation

Next, we will use an instance to explain in detail the configuration syntax of the/etc/sudoers file. See the following example: Jorge all = (Root)/usr/bin/find, /bin/RM

The first column above specifies that it applies to users or groups. In this example, It is user Jorge. In addition, because the group and user in the system can be renamed, to specify that the rule applies to a group rather than a user, the Group Object Name must start with a percent sign (%.

The second column specifies the applicable host of the rule. This column is particularly useful when we deploy the sudo environment among multiple systems. Here All represents all hosts. However, if you do not want to deploy sudo on a desktop or multiple systems, replace this column with the corresponding host name.

The value in the third column is enclosed in brackets, indicating the identity of the user specified in the first column to execute the command. In this example, the value is set to root, which means that the user Jorge can run the commands listed below as the root user. This value can also be set to the wildcard "all". Jorge can be used as any user in the system to execute the listed command.

The last column (/usr/bin/find,
/Bin/RM) is a command table separated by commas. These commands can be run by users specified in the first column as indicated in the third column. In this example, the configuration allows Jorge to run as a Super User.
/Usr/bin/find and/bin/RM commands. It must be noted that the commands listed here must use absolute paths.

3. How to Use the sudo command

Now the question is, how can a user Jorge use the permissions assigned to him? In fact, it is very simple. You only need to use the sudo command in command line mode.

Add the program he wants to run, for example, Jorge @ Ubuntu :~ $ Sudo find .! -Name '*. avi'-exec Rm-f //{//}//;

If Jorge tries to execute a program (such as find or RM) outside of the/etc/sudoers file, The sudo command will end with a failure and give a warning, it indicates that he is not authorized to run these commands as a Super User.

To run commands as a non-root user, you must use the-u option to specify the user to be used. Otherwise, sudo will be the root user by default, for example, to run the LS command as Fred, you should: $ Sudo-u Fred ls/home/Fred

Just
As you can see, we can use these rules to create specific roles for the system. For example, if you want a group to be responsible for account management, you do not want these users to have full root access permissions.
Users must have the right to add and delete users, so we can create a group named accounts on the system and add those users to the group. And then use
When do is/etc/sudoers, add the following content: % accounts all = (Root)/usr/sbin/useradd,
/Usr/sbin/userdel,/usr/sbin/usermod

Now, all the Members in the Accounts Group can run the useradd, userdel, and usermod commands. If you find that the role requires other tools after a while, you just need to add them at the end of the table. This is really convenient!

Yes
Note that the complete command path must be used when you define commands that can be run for users. This is entirely out of security considerations. If the command we give is just a simple userad
/Usr/sbin/useradd, then the user may create his own script, also known as userad, and put it in its local path, so that he can
The local script of useradd is used as the root to execute any command he wants. This is quite dangerous!

Another convenient feature of the sudo command is what it can point out
You do not need to enter a password when executing a command. This is useful, especially when running some commands as a Super User in non-interactive scripts. For example, if you want to make a user a Super User, you do not have to enter a password.

Run the kill command to immediately kill a runaway process. Therefore, add the nopasswd: attribute to the front of the command line. For example, you can add
So that Jorge can obtain such power: Jorge all = (Root) nopasswd:/bin/kill,
/Usr/bin/killall

In this way, Jorge can run the following command to kill the out-of-control RM process as the root user. Jorge @ Ubuntu :~ $ Sudo killall RM

6. How to enable the root account

Through the above introduction, we found that sudo is indeed very useful, but if you have been used to working in root for a long time, what should you do to review the past? Simply set a root password for the root user: $ sudo passwd Root

Now you can log on directly as the root user.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.