For Linux users, you can use the su and sudo commands. the use cases of these two commands are different. Su if your current identity is root, you can use the su command to switch to any other user (no password required), as shown below: [root @ lx200 ~] Su-oracle [o
For Linux users, you can use the su and sudo commands. the use cases of these two commands are different.
Su if your current identity is root, you can use the su command to switch to any other user (without a password), as shown below:
[root@lx200 ~]# su - oracle[oracle@lx200 ~ ]$
If your current identity is not root (a common user) and you want to switch to root through su, you must enter the root password:
[oracle@lx15 ~ ]$ su -Password: [root@lx15 ~ ]#
When Linux is managed by multiple users, if we use su to switch to root, then everyone needs to know the root password, which is very insecure. Therefore, su is simple, however, it is rarely used in actual use. Sudosudo allows common users to switch to the root user without knowing the root password. First, we need to configure/etc/sudoers, as shown below:
Defaults visiblepwUser_Alias ADMIN = root,adminADMIN ALL=(ALL) NOPASSWD: ALL
First, we define a user group (note: The user group name must be capitalized). This user group contains the root and admin users. the most important part of this file is the third line. The following explains the meaning of this file: 1) column 1st: User account, indicating which account can use the sudo command 2) column 2nd: restrict the source host name for logon, ALL indicates no limit 3) column 3rd: switchable identity. "ALL" indicates that you can switch to any identity. "NOPASSWD" indicates password-free input. (if no NOPASSWD exists, you must enter your own password for each switch.) 4) 4th columns: for executable commands, ALL indicates ALL commands. to restrict the commands, you can use the following definition:
zabbix ALL=(ALL) NOPASSWD: /sbin/fuser, /usr/sbin/lsof, /usr/sbin/dmidecode, /sbin/mii-tool, /usr/sbin/iptstate
Note: do not directly edit/etc/sudoers through vi. you should execute the export do command to edit the file because the system will check the/etc/sudoers syntax at the end of the process.
Through the above configuration, the admin user can execute the sudo su-command to switch from password-free to root. is it very convenient.