One, the su command
Some operations on a Linux system can only be performed by the root user. When a normal user needs to perform one, it is necessary to switch to root temporarily.
[root ~]# whoami
root
[root ~]# su davery
[davery root]$ pwd
/root
Plain su switches the user but keeps the current working directory (/root here). su - starts a login shell, which moves to the target user's home directory:
[root ~]# su - davery
Last login: Sat Mar 23:28:54 CST 2018 on pts/0
[davery ~]$ pwd
/home/davery
Run a single command with su -c while logged in as root. No target user is given, so the command runs as root and the new file is owned by root:
[root ~]# su -c "touch /tmp/0.txt"
[root ~]# id davery
uid=1000(davery) gid=1003(grp1) groups=1003(grp1),1006(user3)
[root ~]# ls -lt /tmp/ | head
total 128
-rw-r--r--. 1 root root 0 March 23:35 0.txt
drwx------. 3 root root 17 March 20:31 systemd-private-3fea4823af474bc8a935371aa2ce12c9-vmtoolsd.service-oapic7
drwx------. 3 root root 17 March 20:31 systemd-private-3fea4823af474bc8a935371aa2ce12c9-vgauthd.service-kjbz07
drwx------. 3 root root 17 March 20:31 systemd-private-3fea4823af474bc8a935371aa2ce12c9-chronyd.service-k08zw8
-rw-r--r--. 1 root root 889 March 00:03 q.txt
drwxr-xr-x. 4 root root 29 March 00:00 Davy
-rw-r--r--. 1 root root 889 March 23:53 1.txt
-rwxr-xr-x. 1 root root 117656 March 23:20 LS1
drwxr-xr-x. 3 777 root 15 March 22:19 Davery
Two, the sudo command
sudo is a privilege management mechanism that lets administrators authorize ordinary users to perform certain root operations without needing to know the root password.
Allow the user davery to run commands as root
[root ~]# visudo
Find the root entry and add a line for davery below it
root ALL=(ALL) ALL
davery ALL=(ALL) ALL
Example
[root ~]# sudo /usr/bin/ls /root/
1.txt anaconda-ks.cfg.01 anaconda-ks.cfg.1 davery make Uear1 user1
Three, restrict root remote login
[root ~]# vi /etc/ssh/sshd_config
Change #PermitRootLogin yes to PermitRootLogin no, removing the leading # so that the setting takes effect
[root ~]# systemctl restart sshd.service
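A PermitRootLogin line that is still commented out has no effect, so after editing it is worth checking which value sshd will read. The script below is an added example, not part of the original page; the function names are hypothetical, it assumes the "Keyword value" syntax, follows no Include files, and looks only at the global section before the first Match block.

```shell
#!/bin/sh
# Added example (not from the original page): report the PermitRootLogin value
# in the global section of an sshd_config-style file.
# Assumptions: "Keyword value" syntax, no Include files are followed.

effective_permit_root_login() {
    # $1 = path to the config file. Prints the value in lowercase, or "unset".
    awk '
        NF == 0 || $1 ~ /^#/    { next }   # blank or commented-out: no effect
        tolower($1) == "match"  { exit }   # global section ends at first Match
        tolower($1) == "permitrootlogin" {
            print tolower($2); found = 1; exit   # first occurrence wins
        }
        END { if (!found) print "unset" }
    ' "$1"
}

check_root_login() {
    value=$(effective_permit_root_login "$1")
    case "$value" in
        no)    echo "OK: root login over SSH is disabled"; return 0 ;;
        unset) echo "WARN: PermitRootLogin is commented out or missing; the sshd default applies"
               return 1 ;;
        *)     echo "WARN: PermitRootLogin is '$value'"; return 1 ;;
    esac
}

# Constructed sample input: the directive was edited but left commented out.
sample=$(mktemp)
printf '%s\n' 'Port 22' '#PermitRootLogin no' 'PasswordAuthentication yes' > "$sample"
check_root_login "$sample" || true    # prints the WARN line for "unset"
rm -f "$sample"
```

On a live host, sshd -T prints the effective configuration, including defaults, and can be used to confirm the result after the restart.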
Linux CentOS (VMware): su command, sudo command, restricting root remote login