Linux su sudo (switch user)

Command su

Syntax: su [-] username

Can be followed with '-' can also not, ordinary users su username is to switch to the root user, of course, the root user can also su to ordinary users. '-' The function of this character is, plus will initialize the current user's various environment variables, about the environment variables this part of the content Amin in the following chapters. The following Amin do a simple experiment to illustrate the difference between adding and not adding '-':

[[email protected] ~]$ pwd/home/test[[email protected] ~]$ su Password: [[email protected] test]# Pwd/home/test[[email protected ] test]# exitexit[[email protected] ~]$ Su-password: [[email protected] ~]# Pwd/root

If you do not add '-' to the root account, the current directory does not change, plus '-' after switching to the root account, the current directory is the root account of the home directory, which is the same as the direct login root account. When you use root to switch to a normal user, you do not need to enter a password. This also embodies the supremacy of the root user rights.

Command: sudo

With Su is able to switch user identity, if every ordinary user can switch to root identity, if a user accidentally leaked the root password, it is not very insecure system? No mistake, in order to improve this problem, yielded the sudo command. A command that executes a root with sudo can be done, but requires a password that is not the root password but the user's own password. By default only the root user can use the sudo command, the normal user wants to use sudo, which requires root pre-set, that is, using the visudo command to edit the relevant configuration file/etc/sudoers. If this command is not Visudo, use yum Install- y sudo installation.

The default root is sudo because there is a line in this file, "root all= (All)," and adding "Test all= (All") under that line will give the test user the right to sudo. Use the "Visudo" command to edit the/etc/sudoers configuration file, in fact, its operation method and the previous Amin described in the "VI" command using the same method, press ' I ' into the editing mode, after editing, press "ESC", and then enter ": Wq" to complete the save.

# allow ROOT to run any commands anywhereroot all= (All) alltest all= (All) all

You can verify the permissions on the test account at this point.

[[email protected] ~]# su test[[email  protected] root]$ lsls:  Unable to open Directory .:  permissions are insufficient [[email protected] root]$ sudo  lswe trust you have received the usual lecture from the  local systemadministrator. it usually boils down to these three  things:     #1)  Respect the privacy of others.      #2)  Think before you type.     #3)  With great  Power comes great responsibility. [sudo] password for test:123  456  789  anaconda-ks.cfg   dirb  install.log  install.log.syslog  test  test1   Test2  test3 

Because the current directory after switching to the test account is still under/root, the test account does not have any permissions, so ' ls ' when prompted to say that the permissions are not enough, however, using sudo ls After entering the test account's own password, you have permission. The first time you use sudo, you'll get a big tip, and then use the sudo command again to stop prompting.

If you set one line for each additional user, this is too > annoying. So you can set this up. Remove the ' # ' in front of ' #%wheel all= (All) ' and let this line take effect. It means that all users of the wheel group have the right to sudo. Next you need to add all users who want sudo rights to the wheel group.

# # allows people in group wheel-run all Commands%wheel all=

The configuration file/etc/sudoers contains many configuration items, and you can use the command man sudoers to get help information. The following Amin introduces a very practical case, our requirement is to set up the Linux server as such: only allow the use of ordinary account login, and the ordinary account login, you can not enter the password will be able to sudo switch to the root account. Below but the configuration of Amin:

[Email protected] ~]# Visudo

Then add three lines to the last side of the file:

User_alias user_su = Test, test1, Amingcmnd_alias SU =/bin/suuser_su all= (All) nopasswd:su

After saving the configuration file, using Test, Test1, aming three accounts after logging on to Linux, execute command sudo su - switch to the root account and get all the rights of the root account.

[[email protected] ~]# su-test[[email protected] ~]$ sudo su-[[email protected] ~]# whoamiroot

This article is from "Linux rookie" blog, please be sure to keep this source http://490617581.blog.51cto.com/11186315/1757791

Linux su sudo (switch user)