linux[basic]-20-user and File Permissions-[su command and sudo service]-[03]

Source: Internet
Author: User

Su Command and sudo service

The SU command is used to switch the user (switch the lander)

Format:su [-] User name

[-]: indicates an environment variable that uses a new user

Use the [-] function:

[Email protected] test1]# echo $PATH #查看root的环境变量

    /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin

[Email protected] test1]# Su-linuxs

    Last Login:sun Sep ten 11:56:54 CST on pts/0

[Email protected] ~]$ echo $PATH #查看linuxs的环境变量

    /usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/linuxs/.loc Al/bin:/home/linuxs/bin

[Email protected] ~]$

To exit from SU Switch user mode:

[[Email protected] ~]$ exit

    Logout

[Email protected] test1]#

 The sudo command is used to give an ordinary user additional privileges to complete a task that was previously done by a super user.

Use the sudo program to assign specific command/program execution permissions to the specified user only.

While avoiding the use of root users multiple times, a reasonable use of sudo function can

Security and ease of use

sudo features:

      1. Restrict user execution of specified commands
      2. Record each command executed by the user
      3. Configuration file (/etc/sudoers) provides several administrative users, permissions, and host parameters
      4. Verify password is within 5 minutes (default), no need to verify password again, convenient

Format:sudo [parameter] command name

Parameters

Role

-H

List Help information

-L

List commands that the current user can execute

-U user name/uid

Execute command as specified user

-K

Clear the security time, the next execution needs to verify the password

-B

Executes the specified command in the background

-P

Change the Ask password prompt

  only use super users to use visudo command to edit the sudo program's configuration file (/etc/sudoers)

Visudo Advantages:

   prevent multiple users from modifying at the same time sudo configuration file;

To check the sudo program configuration file for syntax

  Example 1-Allow LINUXS users to use all commands

[Email protected] test1]# Visudo

Linuxs all= (All) all

[Email protected] linuxs]# Su-linuxs

Last Login:sun Sep ten 17:52:42 CST on PTS/1

[Email protected] ~]$ sudo-l #查看用户可以执行那条命令

[sudo] password for linuxs: #验证信息

Matching Defaults entries for Linuxs the This host:

......

......

Xauthority ", Secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

    User Linuxs may run the following commands on this host:

(All) all #此处显示用户可执行的命令

[Email protected] ~]$ Cat/etc/shadow

Cat:/etc/shadow:permission denied

[email protected] ~]$ sudo cat/etc/shadow

Root:$6$5rrwg5if$etmrlkg9n4l4fz9hpnrt30fsrbvl0puacwwrnum E5C5RFFB

......

......

Omitted............

  Experiment 2-only allow the user to execute the cat command as the root user

[Email protected] test1]# Visudo

Linux all= (Root)/bin/cat

[Email protected] ~]$ sudo-l #查看当前用户可执行的命令

[sudo] password for linuxs:

Matching Defaults entries for Linuxs the This host:

Xauthority ", Secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

   User Linuxs may run the following commands on this host:

(Root)/bin/cat #此处显示可执行的命令

[Email protected] ~]# Su-linuxs

Last Login:sun Sep ten 18:10:21 CST on PTS/1

[Email protected] ~]$ Cat/etc/shadow

Cat:/etc/shadow:permission denied

[email protected] ~]$ sudo cat/etc/shadow

Root:$6$5rrwg5if$etmrlkg9n4l4fz9hpnrt30fsrbvl0puacwwrnum E5C5RFFB

......

......

Omitted............

  Experiment 3-Allows commands to be executed by any user and does not require password verification at any time

[Email protected] test1]# Visudo

Linuxs All=nopasswd:all

[Email protected] ~]# Su-linuxs

Last Login:sun Sep ten 18:19:25 CST on PTS/1

[Email protected] ~]$ sudo-l

Matching Defaults entries for Linuxs the This host:

Xauthority ", Secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

    User Linuxs may run the following commands on this host:

(root) Nopasswd:all

[email protected] ~]$ sudo ifconfig

eno16777728:

......

......

......

linux[basic]-20-user and File Permissions-[su command and sudo service]-[03]

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.