Su Command and sudo service
The SU command is used to switch the user (switch the lander)
Format:su [-] User name
[-]: indicates an environment variable that uses a new user
Use the [-] function:
[Email protected] test1]# echo $PATH #查看root的环境变量
/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
[Email protected] test1]# Su-linuxs
Last Login:sun Sep ten 11:56:54 CST on pts/0
[Email protected] ~]$ echo $PATH #查看linuxs的环境变量
/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/linuxs/.loc Al/bin:/home/linuxs/bin
[Email protected] ~]$
To exit from SU Switch user mode:
[[Email protected] ~]$ exit
Logout
[Email protected] test1]#
The sudo command is used to give an ordinary user additional privileges to complete a task that was previously done by a super user.
Use the sudo program to assign specific command/program execution permissions to the specified user only.
While avoiding the use of root users multiple times, a reasonable use of sudo function can
Security and ease of use
sudo features:
Format:sudo [parameter] command name
Parameters |
Role |
-H |
List Help information |
-L |
List commands that the current user can execute |
-U user name/uid |
Execute command as specified user |
-K |
Clear the security time, the next execution needs to verify the password |
-B |
Executes the specified command in the background |
-P |
Change the Ask password prompt |
only use super users to use visudo command to edit the sudo program's configuration file (/etc/sudoers)
Visudo Advantages:
prevent multiple users from modifying at the same time sudo configuration file;
To check the sudo program configuration file for syntax
Example 1-Allow LINUXS users to use all commands
[Email protected] test1]# Visudo
Linuxs all= (All) all
[Email protected] linuxs]# Su-linuxs
Last Login:sun Sep ten 17:52:42 CST on PTS/1
[Email protected] ~]$ sudo-l #查看用户可以执行那条命令
[sudo] password for linuxs: #验证信息
Matching Defaults entries for Linuxs the This host:
......
......
Xauthority ", Secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
User Linuxs may run the following commands on this host:
(All) all #此处显示用户可执行的命令
[Email protected] ~]$ Cat/etc/shadow
Cat:/etc/shadow:permission denied
[email protected] ~]$ sudo cat/etc/shadow
Root:$6$5rrwg5if$etmrlkg9n4l4fz9hpnrt30fsrbvl0puacwwrnum E5C5RFFB
......
......
Omitted............
Experiment 2-only allow the user to execute the cat command as the root user
[Email protected] test1]# Visudo
Linux all= (Root)/bin/cat
[Email protected] ~]$ sudo-l #查看当前用户可执行的命令
[sudo] password for linuxs:
Matching Defaults entries for Linuxs the This host:
Xauthority ", Secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
User Linuxs may run the following commands on this host:
(Root)/bin/cat #此处显示可执行的命令
[Email protected] ~]# Su-linuxs
Last Login:sun Sep ten 18:10:21 CST on PTS/1
[Email protected] ~]$ Cat/etc/shadow
Cat:/etc/shadow:permission denied
[email protected] ~]$ sudo cat/etc/shadow
Root:$6$5rrwg5if$etmrlkg9n4l4fz9hpnrt30fsrbvl0puacwwrnum E5C5RFFB
......
......
Omitted............
Experiment 3-Allows commands to be executed by any user and does not require password verification at any time
[Email protected] test1]# Visudo
Linuxs All=nopasswd:all
[Email protected] ~]# Su-linuxs
Last Login:sun Sep ten 18:19:25 CST on PTS/1
[Email protected] ~]$ sudo-l
Matching Defaults entries for Linuxs the This host:
Xauthority ", Secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
User Linuxs may run the following commands on this host:
(root) Nopasswd:all
[email protected] ~]$ sudo ifconfig
eno16777728:
......
......
......
linux[basic]-20-user and File Permissions-[su command and sudo service]-[03]
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
