The Linux system administrator must not know the command: sudo

Source: Internet
Author: User

Sudo is a command that manages everything. It literally means "Super Users can do it !" (Super user do !) For Linux system administrators or advanced users, it is one of the most important and essential commands. You have had this experience: when you try to run a command on a terminal, but the result is "Access Denied "? This is the command you need! But the bigger the power, the greater the responsibility! Sudo is much better than logging on as the root user or using the su "switch user" command. Please read it and see what sudo can do for you!

Recommended reading:

How to add a user as sudoers in Linux

Sudo: sorry, you must have a tty to run sudo

Configure sudo permissions in Linux

Temporary root permission for sudo Configuration

How to solve the problem that users cannot execute sudo in Linux

Sudo: What is its purpose?

So what can sudo actually do? If you add the "sudo" prefix before any Linux Command, it will run the command with elevated permissions. The permissions that need to be upgraded to execute some management tasks. One day, you may want to run a LAMP (Linux Apache MySQL PHP) server and manually edit the configuration file. You may need to restart or reset the Apache Web server or other service background programs. You even need to escalate the permission to shut down or reset the computer. "Hey, who shut down this machine ?"

If you are familiar with Windows, sudo is very similar to the Windows User Account Control (ACL) dialog box that pops up when you try to handle any important operations, but it is not as friendly as the latter. In Windows, if you try to execute a management task, the dialog box will ask you if you want to continue the execution ("are you sure you want to run the program you just clicked ?") Then execute the task. On a Mac server, a security dialog box pops up asking you to enter your password and click "OK ".

Linux is more dramatic. If you do not have proper permissions, some operations may look weird. The important configuration file you are editing may not be able to properly Save the content. The program you installed may be rejected. The outstanding source code you have downloaded and want to compile cannot be compiled. If you are unlucky, you may even see "Access Denied" or another error message. All the situations you are most worried about have become a reality, but what you need to do is to request permissions! This is why we should keep in mind the prior request for superuser permissions when performing operations like the following:

sudo reboot

On this screen, let's see what happens if we didn't use sudo to escalate permissions first:

First, we use the restart command to restart the system. This command does not mention: "must be a Super User ". Then, we try to restart with sudo. Sudo requires that you provide the user password. Note: it requires that you provide your password instead of the root password. Finally, we can see the broadcast information indicating that the system will be restarted. Sudo is like a magic command that can send magical commands.

Why is sudo better than another solution?

Sudo is the best and safest way to improve permissions. Let's take a look at another method to improve permissions. As a command to switch users, "su" requires you to enter the root password and give you a super-level user prompt, expressed as a # symbol. This # symbol means "dangerous! You have logged on as the root user! "The first command you issued may be successfully executed. However, once you forget it, you will continue to log on as the root user. If a wrong word is entered, it will be finished! You have cleared the entire hard drive, rather than the pirated mp3 file you downloaded. Your Web server and Home Company are all gone! For sudo, You have to input "sudo" before each command ". Therefore, you do not need to remember to switch back to the regular user mode, so there will be fewer accidents.

Suderos File

This file is the basis of sudo. It controls who can use the sudo command to obtain elevation permissions. It is usually located in/etc/sudoers. The most effective and secure way to edit this file is to use the mongodo command. This command starts the vi editor with higher permissions, so that you can edit and save the file. It also locks the sudoers file so that no one can edit the file. Once you have completed the editing, it will analyze the file and find out whether there are simple errors. Editing a sudo file is much safer than simply using any old text editor.

This file contains many parameters. You can specify which users or which users can execute commands. We are going to authorize ourselves to access sudo, so we only need to add at the bottom:

Username ALL = (ALL) ALL // grant sudo access to the user "username"
% Wheel ALL = (ALL) ALL // grant sudo access to ALL users belonging to the wheel User Group

Now the specified user name can use all root permissions. You can also allow a user or user group to only have sudo access to a specific service or server to replace the ALL parameter, but that is another topic.

Several options

Like any good command, there are also a few great options for sudo to handle more transactions.

 

  • Sudo-B will run the command in the background. This is useful for displaying many real-time output commands.
  • Sudo-s will run the shell specified to raise the permission, providing you with # prompt (don't forget to quit !)
  • Sudo su-will make you the root user and load your custom user environment variables.

Does it work now?

When we want to run important tasks, sudo provides security-enhancing permissions. Among Ubuntu users, it may be the most widely used and powerful command, because it has become the preferred method in this release. Since you have such great rights, you must be safe when running commands! There is no su-undo command in the world!

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.