Instructions on the su, su-, and sudo commands in CentOS

In linux, because the root permission is too large, it is generally not used. You can only log on to the root user to execute management tasks in some special circumstances. Generally, the su and sudo commands are used for temporary root permissions. The su command is a tool for switching users. how can this problem be solved? For example, if we log on with a common user wade, but want to add a user task and execute useradd, the wade user does not have this permission, and this permission is exactly owned by the root user. There cannot be two solutions. one is

In linux, because the root permission is too large, it is generally not used. You can only log on to the root user to execute management tasks in some special circumstances. Generally, the su and sudo commands are used for temporary root permissions. The su command is a tool for switching users. how can this problem be solved? For example, if we log on with a common user wade, but want to add a user task and execute useradd, the wade user does not have this permission, and this permission is exactly owned by the root user. There are two solutions. one is to log out of the wade user and log in again as the root user, but this method is not the best. The other is that we do not need to log out of the wade user, you can use su to switch to the root directory to add users. after the task is completed, exit root. We can see that, of course, su switching is a good way; su can be used to switch between users, while super-permission user root does not need a password to switch to common or virtual users, what is power? That's it! A common user needs password verification to switch to any other user!

I. comparison with the su-command:

Through time operations, we can analyze the differences between the two commands:

1. parameter-,-l, -- login
Make the shell a login shell

The translation is as follows:

Su-,Su-lOrSu -- loginThe working directory, HOME, SHELL, USER, and LOGNAME are also changed when the command changes the identity. In addition, the PATH variable is also changed.The su-command is converted to the root user by default.

The "su command" without parameters does not change the current working directory and HOME, SHELL, USER, and LOGNAME. Only root permissions are granted.

2. Advantages and disadvantages of su;

Su is indeed convenient for management. by switching to root, all system management tools can be completed, as long as the root password is handed over to any common user, he can switch to the root to complete all the system management work. However, after su switches to the root, there are also insecure factors. for example, the system has 10 users who are also involved in the management. If these 10 users are involved in the use of super permissions, if the administrator wants other users to switch to the super-permission root through su, the root permission password must be told to these 10 users; if these 10 users have the root permission and can do anything through the root permission, the system security will be caused by the threat association to a certain extent; think about Windows, it is a nightmare; "There is no insecure system, and there are only insecure people." We cannot guarantee that these 10 users can manage the system according to the normal operation process, any major mistake made to system operations may result in system crash or data loss. Therefore, the su tool is not the best choice in system management involving many people, su is only applicable to systems where one or two people participate in management. after all, su cannot be used by common users. it is absolutely true that the root password of a super user should be in the hands of a few users! Therefore, the existence of centralized governance still makes sense. 

II. Comparison of su and sudo commands:

EnterSuAfter the command is run, you will be prompted to enter the password of the root account, and then enter the privileged mode (exactly the same as using root to log on to the system). enter exit or su-user to exit.

 

With the sudo command, you only need to enter the password of the current user (or you can configure it to do not enter the password) to execute the command that requires the root permission:

Through the comparison above, we can see that sudo has many advantages over su:

1. normal users can execute commands that require root permissions without knowing the root password;

2. do not use the root command to execute destructive commands because you forget to exit (this error is often made by linux beginners );

3. due to su's unrestricted permissions after switching to the super-permission user root, su cannot act as a system managed by multiple administrators. If su is used to switch to a super user to manage the system, it is not clear which operations are performed by the administrator. Especially when many people are involved in server management, it is best to assign specific permissions to the technical expertise and management scope of each administrator, and specify the tools used to complete the work related to it, so we need to use sudo.Through sudo, we can delegate certain super permissions to specific users.,Common users do not need to know the root password.Therefore, sudo is safer than the unrestricted su, so sudo can also be called restricted su. In addition, sudo requires authorization, therefore, it is also called the authorization permission su. The sudo command execution process is that the current user switches to the root (or another user who switches to the root), and then uses the root (or another user who switches to the root) after the command is executed, it is directly returned to the current user. The premise is that the sudo configuration file/etc/sudoers is used for authorization.

III. sudoCommand configuration

In linux, the newly created common user does not have the permission to execute sudo. for example, if you create a common user named wade, the following prompt is displayed when you enter the sudo command:

This indicates that the user wade does not exist in the sudoers file, and the time will be reported to the administrator.

Now that we know the problem is in the sudoers file, let's take a look at the file's sacredness:

After opening the file, the content is shown in:

There should be no permission to view the permission after exiting the editing status:

It turns out that root has only the read-only permission. it is no wonder that you must first modify the permission so that root has full control permissions:

Edit again. no read-only prompt is displayed this time. Then, find the following field at the end of the file:

Add user wade to the list, as shown in figure wade ALL = (ALL) ALL after adding:

After modification, enter wq to save the modification. after saving the modification, remember to change the permission back. Otherwise, an error message is displayed.

The permission must be 440. Otherwise, an error message is displayed.

OK. Now the sudo command can be used normally under the wade user ,.

The full text is over!