Linux: restricting root remote login, the su command, and the sudo command


su command:


1. su switches to another user. Example: su - aming

2. whoami shows the current user.

3. pwd shows the current directory.


Example: running su aming (without the -) also switches users, but the shell stays in the previous working directory instead of moving to the target user's home directory, as follows:

[[email protected] ~]# su aming

[[email protected] root]$ pwd

/root

[[email protected] root]$ ls

ls: cannot open directory .: Permission denied

[[email protected] root]$ exit

[[email protected] ~]# su - aming

Last login: October 19:43:20 CST 2017pts/0

[[email protected] ~]$ pwd

/home/aming

[[email protected] ~]$

Note: when switching users, be sure to include the - so that the target user's login environment (home directory and profile) is loaded.

4. su -c runs a single command as the specified user.

[[email protected] ~]# su -c "touch /tmp/aming.111" aming

[[email protected] ~]# ls -l /tmp/ | head

total 116

-rw-r--r--. 2 root root 0 October 20:04 1.txt.bak

-rw-r--r--. 1 aming grp2 0 October 19:53 aming.111

drwxrwx---. 2 user1 aming 19 October 11:25 aming2

drwxr-xr-x. 3 root root 15 October 19:59 Aminglinux

-rwxr-xr-x. 1 root root 117656 October 20:46 ls2

drwx------. 3 root root 17 October 03:56 SYSTEMD-PRIVATE-4D315CDBC8EF4B6FB7FE88EB7C2A8FFC-VMTOOLSD.SERVICE-NDAVQB

drwx------. 3 root root 17 October 16:53 SYSTEMD-PRIVATE-6F7DE3C360E54EBD90228529E81A6451-VMTOOLSD.SERVICE-SYUKNL

drwx------. 3 root root 17 October 15:12 SYSTEMD-PRIVATE-D7366EF92190425097A68C22ADA7A3B0-VMTOOLSD.SERVICE-LZZSPV

drwxr-xr-x. 2 user1 aming 6 October 11:33 Yum.log

[[email protected] ~]# id aming

uid=1000(aming) gid=1005(grp2) groups=1005(grp2),1007(user5)

[[email protected] ~]# date

Monday, October 30, 2017 19:54:11 CST

Example: switching from one normal user to another, for example from aming to user5.

[[email protected] ~]# su - user5

su: warning: cannot change directory to /home/user5: No such file or directory   # because user5 is locked

-bash-4.2$ logout

[[email protected] ~]# passwd user5

Changing password for user user5.

New password:

Retype new password:

passwd: all authentication tokens updated successfully.

[[email protected] ~]# su - aming

Last login: October 19:53:21 CST 2017pts/0

[[email protected] ~]$ su - user5

Password:

Last login: October 18:49:01 CST 2017pts/0

su: warning: cannot change directory to /home/user5: No such file or directory

-bash-4.2$ pwd   # should show user5's home directory, but the wrong directory is shown

/home/aming

-bash-4.2$ logout

[[email protected] ~]$ logout

The following steps restore normal behavior:

[[email protected] ~]# id user5   # view the user's owner and group

uid=1007(user5) gid=1007(user5) groups=1007(user5)

[[email protected] ~]# mkdir /home/user5   # create the home directory

[[email protected] ~]# chown user5:user5 /home/user5/   # change the group and owner

[[email protected] ~]# su - user5   # check whether switching users works

Last login: October 18:50:31 CST 2017pts/0

-bash-4.2$ pwd

/home/user5

-bash-4.2$ ls -la

total 0

drwxr-xr-x. 2 user5 user5 6 October 31 18:51 .

drwxr-xr-x. root root 118 October 31 18:51 ..

-bash-4.2$ su - aming   # switch to the aming user

Password:

Last login: October 18:50:15 CST 2017pts/0

Last failed login: October 18:52:51 CST 2017pts/0

There was 1 failed login attempt since the last successful login.

[[email protected] ~]$ ls -la   # view the user's profile files

total 16

drwx------. 2 aming grp2 83 October 30 19:43 .

drwxr-xr-x. root root 118 October 31 18:51 ..

-rw-------. 1 aming grp2 46 October to 18:51 .bash_history

-rw-r--r--. 1 aming grp2 18 August 3 .bash_logout

-rw-r--r--. 1 aming grp2 193 August 3 .bash_profile

-rw-r--r--. 1 aming grp2 231 August 3 .bashrc

[[email protected] ~]$ logout

[[email protected] ~]# ls /etc/skel/   # system template configuration files

[[email protected] ~]# ls -la /etc/skel/   # view the files

total 24

drwxr-xr-x. 2 root root 62 October 17 05:04 .

drwxr-xr-x. root root 8192 October 31 18:50 ..

-rw-r--r--. 1 root root 18 August 3 .bash_logout

-rw-r--r--. 1 root root 193 August 3 .bash_profile

-rw-r--r--. 1 root root 231 August 3 .bashrc

[[email protected] ~]# cp /etc/skel/.bash* /home/user5/   # copy the configuration files to user5's home directory

[[email protected] ~]# chown -R user5:user5 !$   # change the directory's group and owner

chown -R user5:user5 /home/user5/

[[email protected] ~]# su - user5   # login succeeds

Last login: October 18:52:29 CST 2017pts/0

[[email protected] ~]$ pwd

/home/user5

[[email protected] ~]$ logout

Note: a normal user can also su directly to root, provided the root password is known.


sudo command:


1. sudo lets a normal user temporarily run a command as another specified user. Use case: instead of giving a normal user full administrator rights, you can grant that user the right to run only certain commands.

Example:

As root, run visudo and add a rule granting the normal user the root-level commands they need to run; ALL means all.

In the visudo editor, :set nu shows line numbers.

After adding the rule, save and exit, then test as follows:

[[email protected] ~]# su - aming   # switch to the normal user

Last login: November 1 19:08:29 CST 2017pts/0

[[email protected] ~]$ ls /root/   # a plain ls of root's directory reports no permission

ls: cannot open directory /root/: Permission denied

[[email protected] ~]$ sudo ls /root/   # view it with sudo

We trust you have received the usual lecture from the local System

Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.

#2) Think before you type.

#3) With great power comes great responsibility.

[sudo] password for aming:   # the first use requires the normal user's password

111 1_heard.txt.bak 1.txt.bak 2.txt aming2 anaconda-ks.cfg

123 1_sorft.txt.bak 234 3.txt

To skip the password prompt, run visudo as root and modify the rule as follows.

Example: command aliases

Run visudo to open the editor and add a command alias.

Change the rule to use the alias, then save and exit.

Verify the result; done.


Restrict root remote login:


1. For security, prohibit root from logging in remotely (local login is not restricted) and allow only normal users to log in. A normal user who needs root privileges can use sudo; su also works, but the root password must not be disclosed to normal users.

Example:

Run visudo and add a user alias.

Add another rule, then save and exit.

Verify the result; done. (This applies when root remote login is restricted.)
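An added audit example, not part of the original article: it covers both the sudo rules above (per-user rule, password-free rule, command alias) and the user-alias rule in this section, and lists which accounts a sudoers text lets reach root without a password. The sample rules, the alias names ADMINS and AMING_CMD, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). All rules are constructed.
sample_sudoers() {
    cat <<'EOF'
User_Alias ADMINS = aming, user1
Cmnd_Alias AMING_CMD = /usr/bin/ls, /usr/bin/mv, /usr/bin/cat
root    ALL=(ALL)  ALL
user5   ALL=(ALL)  /usr/bin/ls
aming   ALL=(ALL)  NOPASSWD: AMING_CMD
ADMINS  ALL=(ALL)  NOPASSWD: /usr/bin/su
%wheel  ALL=(ALL)  NOPASSWD: ALL
EOF
}

# Print "<principal>: <command>" for every NOPASSWD rule that reaches a root
# shell (ALL or su). Handles single-line rules and aliases; does not follow
# #include/#includedir or line continuations.
root_without_password() {
    awk '
    { sub(/[ \t\r]+$/, "") }                       # trim trailing whitespace
    /^[ \t]*#/ || NF == 0 { next }                 # comments and blank lines
    $1 == "User_Alias" || $1 == "Cmnd_Alias" {
        kind = $1; name = $2
        sub(/^[^=]*=[ \t]*/, "")                   # keep only the member list
        if (kind == "User_Alias") users[name] = $0; else cmds[name] = $0
        next
    }
    /NOPASSWD:/ { who[++r] = $1; sub(/^.*NOPASSWD:[ \t]*/, ""); what[r] = $0 }
    END {
        sep = "[ \t]*,[ \t]*"
        for (k = 1; k <= r; k++) {
            hit = ""
            n = split(what[k], item, sep)
            for (i = 1; i <= n && hit == ""; i++) {
                # expand a Cmnd_Alias into its member commands
                m = split((item[i] in cmds) ? cmds[item[i]] : item[i], c, sep)
                for (j = 1; j <= m; j++)
                    if (c[j] == "ALL" || c[j] ~ /\/su([ \t]|$)/) { hit = c[j]; break }
            }
            if (hit == "") continue
            # expand a User_Alias into its member accounts
            u = split((who[k] in users) ? users[who[k]] : who[k], p, sep)
            for (i = 1; i <= u; i++) print p[i] ": " hit
        }
    }' "$@"
}

sample_sudoers | root_without_password
```

The aming rule limited to AMING_CMD is not reported, while every member of ADMINS is, because a password-free su is equivalent to handing out root.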

To restrict remote root login, edit the configuration file with vi /etc/ssh/sshd_config and make the following change.

After changing the configuration file, restart the service with systemctl restart sshd.service, then try to log in as root; the login is refused.
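An added check, not part of the original article: sshd uses the first value it reads for a keyword, so a PermitRootLogin no line appended below an existing active PermitRootLogin yes has no effect. The function names and the sample configuration are constructed for illustration, and only the global section (before any Match block) is evaluated.

```shell
#!/bin/sh
# Added example (not from the original article).
# Print the global PermitRootLogin value an sshd_config text yields. sshd uses
# the first value it reads for a keyword, so a later line does not override it.
effective_permit_root_login() {
    awk '
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
    /^#/ || NF == 0 { next }                    # commented-out lines do not count
    tolower($1) == "match" { exit }             # global section ends at first Match
    tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
    END { if (!found) print "unset" }
    ' "$@"
}

# Map the value to a verdict for the policy described above (no remote root).
check_root_login() {
    value=$(effective_permit_root_login "$@")
    case "$value" in
        no)    echo "OK: root cannot log in over SSH" ;;
        yes)   echo "FAIL: root SSH login is allowed" ;;
        unset) echo "CHECK: no explicit setting, the build default applies" ;;
        *)     echo "WARN: root login partly allowed ($value)" ;;
    esac
}

# Constructed sample: the edit was appended below an existing active line.
sample_config() {
    cat <<'EOF'
Port 22
#PermitRootLogin yes
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
EOF
}

sample_config | check_root_login
```

On a live host, sshd -T prints the effective configuration that sshd itself resolves and is the authoritative check.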

Logging in as a normal user with PuTTY succeeds, and that user can then switch to root directly with sudo without entering a password. Verification complete.

This article is from the "Gary Blog" blog, please be sure to keep this source http://taoxie.blog.51cto.com/10245493/1978209
