The SU and sudo details of Linux Rights Management ___username is isn't in the sudoers file__linux

Source: Internet
Author: User

Summary: When you do permissions on Linux, you often get the problem: 1 Why installing the software requires sudo before apt-get. Just installed, run again apt-get but no need to add sudo in front. 2 Why it is sometimes shown that the user is isn't in the sudoers when running sudo command. 3 What is the difference between Su and sudo? 4 Many people use the same host, how to guarantee the security when many users have root authority. This article will mainly answer the above questions for you.


1.su


su– runs the shell that replaces the user and group identity, modifies the valid user identity and the group identity as user.


1.1 Contrast su with su–root (the latter equals su-)

Instance comparison:

hyk@hyk-linux:~ $su

Password: (note that the PWD after switching does not change)

Root@hyk-linux:/home#echo $HOME

/root

Root@hyk-linux:/home#exit (Exit later)

Exit

hyk@hyk-linux:~ $su-root

Password: (pwd changed after switching)

root@hyk-linux:~ #echo $HOME

/root

Root@hyk-linux:~ #exit (Logout shown later)

Logout

From the above example, see: su-, log in as root, the actual user login after the implementation of all operations (including environment variable settings, etc.), while the former is simply user Switching, PWD and other information.


The disadvantage of 1.2SU

1 The Unsafe Su Tool is not the best choice in the system management of many people participation, SU only applies to one or two people to participate in the management system, after all, SU cannot let the ordinary user limited use; the superuser root password should be held in the hands of a few users.

2 trouble: You need to tell the root password to everyone who needs root permission.


2.sudo


The appearance background of 2.1sudo

Because of the unrestricted privileges of the SU pair after switching to Superuser root, SU cannot act as a system administered by multiple administrators. If you use SU to switch to Superuser to manage your system, you cannot be clear about which administrator is doing the work. Especially for the management of the server has many people involved in management, it is best for each administrator's technical expertise and management scope, and targeted delegated authority, and agreed to use which tools to complete its related work, then we need to use sudo.

With sudo, we can target certain super privileges and do not need a normal user to know the root password, so sudo is safer than the unrestricted Su, so sudo can also be called restricted su; and sudo requires authorization, So also known as the licensing su;

The process of sudo executing a command is the current user switching to root (or another user specified to switch to), and then executing the command as root (or other specified switch to user), and then returning directly to the current user after execution is completed, which is provided through the sudo configuration file/etc/ Sudoers to authorize;

Attention:

hyk@hyk-linux:~ $sudo apt-get Install AAAA

[Sudo]password for Hyk:

See no, when Sudo is executed, we need to enter the current user's Hyk password, not the root password.


Characteristics of 2.2Sudo:

§sudo can restrict a user from running certain commands on a single host.

§sudo provides a wealth of logs detailing what each user has done. It can upload logs to a central host or log server.

§sudo uses a timestamp file to perform a similar "check-in" system. When the user invokes sudo and enters its password, the user obtains a 5-minute lifetime ticket (this value can be changed at compile time). That is, I just typed in the sudocat/etc/issue and then I just need to enter the cat/etc/issue again, and I don't need to re-enter sudo again.

The §sudo profile is a sudoers file that allows the system administrator to centralize the administration of user permissions and the host used. The location of the default is/etc/sudoers, and the attribute must be 0411.


Use of 2.3.sudo

Permission: A user who appears in the/etc/sudoers

Use mode: sudo-v

Sudo-h

Sudo-l

Sudo-v

Sudo-k

Sudo-s

Sudo-h

sudo[-b] [P prompt] [-u username/#uid]-S

Usage: Sudocommand

Description: Executes the instruction as the System Manager, that is, the command executed through sudo is like root in person.

Parameters:

-V Display version number

-H shows how the version number and instructions are used

-L Displays the permissions of its own (executing sudo's users)

-V because Sudo does not execute in the first execution or in n minutes (n preset five) asks the password, this parameter is a redo confirmation, if more than n minutes, will also ask the password

-K will force the user to perform the next

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.