Linux Login & Non-login Shell and su, sudo Related Concepts

Source: Internet
Author: User

1. Login & Non-login Shell

When a Linux system boots, the kernel creates the init process, which performs a series of system initialization operations. When a user logs in to a shell, the relevant login profile is read, regardless of whether the login is through a pseudo-terminal (ssh, X11) or a tty console terminal. Linux has two types of shell, login and non-login:

    • Login shell: obtaining the shell requires a complete login process, hence the name login shell. "Complete" means entering the user name and password, for example logging in on the tty1-tty6 console terminals, or logging in remotely over ssh or another pseudo-terminal.
    • Non-login shell: no account information has to be entered to obtain the shell, for example opening a pseudo-terminal under X11, or starting a child shell process from within a shell.

The difference between the two types of shell is which configuration files are read when the shell starts. Here we introduce two configuration files, /etc/profile and ~/.bashrc; on Unix systems these are the two shell environment configuration files we deal with most:

    • /etc/profile, at the top of the shell configuration file chain. This is the global setting for the system shell environment, such as PATH, MAIL and many other environment variables. Changes to it affect all users.
    • ~/.bashrc, at the lowest end of the shell configuration file chain. This is the configuration file for each user's own shell environment, and most personal customizations can be made directly in this file.

When a login shell (bash) starts, it reads these configuration files:

    • /etc/profile, global configuration
    • ~/.bash_profile or ~/.bash_login or ~/.profile, personal configuration. There are three file names because different shells may name the file differently; they are checked in order and only one of them is read.

In fact, a login shell reads more than these two files: /etc/profile itself pulls in other configuration files. For example, on my Ubuntu machine the contents of the file are as follows:

```sh
# /etc/profile: system-wide .profile file for the Bourne shell (sh(1))
# and Bourne compatible shells (bash(1), ksh(1), ash(1), ...).

if [ "$PS1" ]; then
  # If the shell is bash and is not running as sh, read /etc/bash.bashrc
  if [ "$BASH" ] && [ "$BASH" != "/bin/sh" ]; then
    # The file bash.bashrc already sets the default PS1.
    # PS1='\h:\w\$ '
    if [ -f /etc/bash.bashrc ]; then
      . /etc/bash.bashrc
    fi
  else
    if [ "`id -u`" -eq 0 ]; then
      PS1='# '
    else
      PS1='$ '
    fi
  fi
fi

# The default umask is now handled by pam_umask.
# See pam_umask(8) and /etc/login.defs.

# Read all .sh files under the /etc/profile.d directory
if [ -d /etc/profile.d ]; then
  for i in /etc/profile.d/*.sh; do
    if [ -r $i ]; then
      . $i
    fi
  done
  unset i
fi
```
On my Ubuntu machine, the contents of the ~/.profile file are as follows. As its last step, the shell reads the ~/.bashrc file:
```sh
# ~/.profile: executed by the command interpreter for login shells.
# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
# exists.
# see /usr/share/doc/bash/examples/startup-files for examples.
# the files are located in the bash-doc package.

# the default umask is set in /etc/profile; for setting the umask
# for ssh logins, install and configure the libpam-umask package.
#umask 022

# if running bash
if [ -n "$BASH_VERSION" ]; then
    # include .bashrc if it exists
    if [ -f "$HOME/.bashrc" ]; then
        . "$HOME/.bashrc"
    fi
fi

# set PATH so it includes user's private bin if it exists
if [ -d "$HOME/bin" ] ; then
    PATH="$HOME/bin:$PATH"
fi
```

How a login shell reads its configuration files (from: < >):


A non-login shell (bash) reads only one configuration file when it starts: ~/.bashrc. This file sometimes does not exist and has to be created by the user; it can be customized freely and does not affect other users.
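The read order described in this section can be observed directly. The script below is an added example, not part of the original article: it plants marker files in a throwaway HOME and reports which ones bash sources for each kind of shell, and it also shows that a non-interactive non-login shell reads none of them. The function names make_marker and files_read are hypothetical, and bash is assumed to be installed.

```shell
#!/bin/sh
# Added example: observe which personal startup files bash actually reads.
# A throwaway HOME is used, so no real configuration is touched.

# Create a marker startup file that records its own name when sourced.
make_marker() {   # $1 = home directory, $2 = startup file name
  printf 'echo %s >> "$HOME/read.log"\n' "$2" > "$1/$2"
}

# Start bash with the given options in a clean environment and print the
# names of the marker files it sourced, space separated.
files_read() {    # $1 = home directory, remaining arguments = bash options
  home=$1; shift
  : > "$home/read.log"
  # env -i removes variables such as BASH_ENV and SSH_CLIENT that would
  # change which files are read; stdin comes from /dev/null for the same reason.
  env -i HOME="$home" PATH="$PATH" bash "$@" -c true </dev/null >/dev/null 2>&1
  tr '\n' ' ' < "$home/read.log" | sed 's/ $//'
}

demo_home=$(mktemp -d)
for f in .bash_login .profile .bashrc; do make_marker "$demo_home" "$f"; done

# Only the first existing file of .bash_profile, .bash_login, .profile is read.
echo "login, no .bash_profile  : $(files_read "$demo_home" --login)"
make_marker "$demo_home" .bash_profile
echo "login, with .bash_profile: $(files_read "$demo_home" --login)"
echo "interactive non-login    : $(files_read "$demo_home" -i)"
echo "non-interactive non-login: $(files_read "$demo_home")"
rm -rf "$demo_home"
```

The .bashrc marker does not appear in the login-shell lines because these marker files, unlike the Ubuntu ~/.profile shown above, do not source ~/.bashrc themselves.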

2. su & sudo

In the Linux distributions I have used, Ubuntu does not prompt for a root password during installation; the root password can only be set with passwd from a shell after entering the system. Fedora and CentOS, by contrast, usually require setting the root password and creating an ordinary user during installation. This shows that the designers of Linux expect the user to do everyday work with lower privileges, which is a security consideration.

However, in the shell environment, various jobs often require us to switch user privileges, most commonly to obtain root privileges. The most commonly used commands for this are su and sudo.

su [-lc] [username]

    • -, -l, --login: use a login shell to log in as username; if username is empty, root is the default. Without this option, the login is non-login.
    • -c: execute a command only once; the command needs to be enclosed in quotation marks.

The point to stress here is the difference between su and su -, which is the difference between login and non-login shells described above.

I think the sudo command exists for two reasons:

    • Using su to switch to root requires every user to know the root password, which is not secure;
    • Often we switch to the root user just to execute a single statement. su -c can do this, but each time you have to type the extra -c, and each time you have to enter the root password.

These two reasons are why sudo exists. sudo lets users verify their own password to gain the privileges of other users; it only requires root to configure /etc/sudoers. The contents of my sudoers file are as follows:

```
# User privilege specification
root    ALL=(ALL:ALL) ALL

# Members of the admin group can switch to any user to execute any command
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# The users group does not require a password to switch
%users ALL=(ALL) NOPASSWD:ALL

# Allow guest to switch to all users in the samba_group group
guest ALL=(%samba_group:ALL) ALL
```
In sudoers, a user is given sudo permissions with an entry of the following form:

login account   login source hostname = (switchable identity)   executable command

The login account can be an individual user, a group, or an alias. Groups must be prefixed with %.

The four components of the sudoers entry can each be represented by an alias: User_Alias, Runas_Alias, Host_Alias, Cmnd_Alias.

Naming format for each alias: Alias_Type NAME = item1, item2, ... The alias name must consist of uppercase letters, numbers and underscores, and start with an uppercase letter.

For example:

```
User_Alias SBGROUP = user1, user2, user3

SBGROUP ALL=(ALL) ALL
```

To ensure that the /etc/sudoers syntax is correct, we generally edit the file with visudo.
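When reviewing a sudoers file, the entries worth a second look are those that grant every command, above all with NOPASSWD, such as the %users line in the file shown earlier. The script below is an added example, not part of the original article, that applies the entry format described above to flag such grants. The sample input is constructed from the article's file, the function names are hypothetical, and the parser assumes single-line entries (no line continuations, include directives or alias expansion).

```shell
#!/bin/sh
# Added example: flag sudoers user specifications that grant every command.
# Simplified: one-line specifications only.

# Constructed sample, modelled on the sudoers file shown in the article.
sample_sudoers() {
cat <<'EOF'
# User privilege specification
root    ALL=(ALL:ALL) ALL
%admin  ALL=(ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
%users  ALL=(ALL) NOPASSWD:ALL
guest   ALL=(%samba_group:ALL) ALL
User_Alias SBGROUP = user1, user2, user3
SBGROUP ALL=(ALL) ALL
EOF
}

# Reads sudoers text from the named files (or stdin) and prints
# "<severity> <who> <kind> <finding>" for each grant of ALL commands.
audit_sudoers() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }              # comments, blank lines
    $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }    # settings, alias definitions
    {
      eq = index($0, "=")
      if (eq == 0) next
      who = $1
      rhs = substr($0, eq + 1)
      gsub(/[ \t]/, "", rhs)                       # remove all whitespace
      sub(/^[(][^)]*[)]/, "", rhs)                 # drop the (runas) part
      nopass = sub(/^NOPASSWD:/, "", rhs)          # 1 if the tag was present
      if (rhs != "ALL" || who == "root") next
      kind = "user"
      if (who ~ /^%/) kind = "group"
      else if (who ~ /^[A-Z][A-Z0-9_]*$/) kind = "alias"
      if (nopass) print "HIGH", who, kind, "any command, no password"
      else        print "INFO", who, kind, "any command, password required"
    }
  ' "$@"
}

sample_sudoers | audit_sudoers
```

On a real system the function can be pointed at a copy of /etc/sudoers and the files under /etc/sudoers.d, read as root.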
