Linux su and sudo commands use detailed

Source: Internet
Author: User

The SU command (switch user) switches to another identity user

su-#默认是root, the same as
Su-root #切换到root用户, and to the root directory, without-switch users only
Su-c ls Root #变更帐号为root并在执行ls指令后退出变回原使用者

The sudo command, super User do, is a privilege management mechanism that relies on/etc/sudoers. It allows authorized users to execute commands as Superuser or other user without knowing the superuser password. Although Su can also temporarily execute commands with other users without switching user identities, the root password is required, creating a security risk.

sudo command parameters:

sudo [-bhhpv][-s][-u < user >][directive]
Or
sudo [-klv]

Parameters
-B executes instructions in the background.
-h displays Help.
-H Sets the home environment variable to the new identity home environment variable.
-K ends the expiration of the password, which means that the password will be entered the next time sudo is executed.
-l lists instructions that the current user can execute and cannot execute.
-p To change the hint sign asking for a password.
-S executes the specified shell.
-U < user > with the specified user as the new identity. If you do not add this parameter, the default is root as the new identity.
-V Extension password expiration 5 minutes.
-V Displays version information.
-S to get the password from the standard input stream instead of the terminal

sudo command configuration (/etc/sudoers)

The default configuration is as follows:

# # Root users can execute arbitrary commands on any host with the privileges of any user or group, stating that the root user has the highest privileges.
Root all= (All:all) all

# # The users of the Admin group have the highest privileges.
%admin all= (All)

# # sudo group user and root user rights
%sudo all= (All:all) all

More configuration:
#让用户运行命令的时候不输入密码
Username All= Nopasswd:/usr/sbin/useradd

#指定多个用户, or group
Username1,username2 All=/usr/sbin/useradd

#指定多个主机
Username Mail,apache=/usr/sbin/useradd

#指定多个被代替的用户
Username all= (root,database)/usr/sbin/useradd

#指定多个命令
Username All=/usr/sbin/useradd,/usr/sbin/usemod

#指定某个目录下的所有命令
Username All=/usr/sbin/*

#指定排除的命令, don't allow the command to precede with an exclamation mark
Username all= (root)/usr/sbin/*!/usr/sbin/usermod,!/sbin/useradd

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.