Summary: When managing permissions on Linux, you often run into these questions:
1 Why does installing software require sudo before apt-get, yet just after installing, running apt-get again needs no sudo in front?
2 Why does running a sudo command sometimes report that the user isn't in the sudoers?
3 What is the difference between su and sudo?
4 When many people use the same host, how can security be guaranteed when many users have root authority?
This article mainly answers the above questions.
1. su
su runs a shell with substitute user and group IDs: it changes the effective user ID and group ID to those of the target user.
1.1 Contrast su with su - root (the latter is equivalent to su -)
Example comparison:
hyk@hyk-linux:~$ su
Password: (note that the PWD does not change after switching)
root@hyk-linux:/home# echo $HOME
/root
root@hyk-linux:/home# exit (exit is shown afterwards)
exit
hyk@hyk-linux:~$ su - root
Password: (the PWD changes after switching)
root@hyk-linux:~# echo $HOME
/root
root@hyk-linux:~# exit (logout is shown afterwards)
logout
As the example shows, su - logs in as root and performs everything an actual user login does (including environment variable settings, etc.), while plain su simply switches the user and leaves PWD and other information unchanged.
1.2 The disadvantages of su
1 Unsafe: su is not the best choice for system management in which many people participate. su only suits one or two people managing the system, because su cannot give an ordinary user limited use; the superuser root password should be held by only a few users.
2 Troublesome: you need to tell the root password to everyone who needs root permission.
2. sudo
2.1 Background of sudo
Because su grants unrestricted privileges after switching to the superuser root, su is not suitable for a system administered by multiple administrators. If everyone uses su to switch to the superuser to manage the system, you cannot tell which administrator did which work. Especially for a server that many people manage, it is best to delegate authority according to each administrator's technical expertise and management scope, and to agree on which tools each uses for the related work; this is where sudo is needed.
With sudo, we can delegate specific superuser privileges without an ordinary user needing to know the root password, so sudo is safer than the unrestricted su. sudo can therefore be called a restricted su; and because sudo requires authorization, it is also known as an authorized su.
When sudo executes a command, the current user switches to root (or another specified user), the command is executed as root (or the other specified user), and control returns directly to the current user once execution completes. All of this is authorized through the sudo configuration file /etc/sudoers.
Attention:
hyk@hyk-linux:~$ sudo apt-get install AAAA
[sudo] password for hyk:
Note that when sudo is executed, we need to enter the password of the current user hyk, not the root password.
2.2 Characteristics of sudo:
§ sudo can restrict a user to running only certain commands on a given host.
§ sudo provides rich logs detailing what each user has done. It can send the logs to a central host or log server.
§ sudo uses a timestamp file to implement something like a "check-in" system. When the user invokes sudo and enters their password, the user obtains a ticket with a 5-minute lifetime (this value can be changed at compile time). That is, if I have just typed sudo cat /etc/issue, then I just need to enter cat /etc/issue again, and I don't need to re-enter sudo again.
§ The sudo configuration file is the sudoers file, which allows the system administrator to centralize the administration of user permissions and the hosts used. The default location is /etc/sudoers, and the attribute must be 0411.
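The logging described above is what shows which administrator ran which command, and it is also where "user is not in the sudoers" refusals are recorded. The following is an added example, not code from the original article: a shell/awk filter that turns sudo syslog lines into per-user allowed/denied records. The log lines, the host and the users guest and alice are constructed, and the layout assumed is the usual syslog line sudo writes (for example in /var/log/auth.log on Debian-style systems).

```shell
#!/bin/sh
# Constructed sample of sudo syslog lines (host, users, commands are made up).
sample_log() {
cat <<'EOF'
Mar  3 10:15:01 hyk-linux sudo:      hyk : TTY=pts/0 ; PWD=/home/hyk ; USER=root ; COMMAND=/usr/bin/apt-get install aaaa
Mar  3 10:15:01 hyk-linux sudo: pam_unix(sudo:session): session opened for user root by hyk(uid=0)
Mar  3 10:16:40 hyk-linux sudo:      hyk : TTY=pts/0 ; PWD=/home/hyk ; USER=root ; COMMAND=/bin/cat /etc/issue
Mar  3 10:20:12 hyk-linux sudo:    guest : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/guest ; USER=root ; COMMAND=/bin/cat /etc/shadow
Mar  3 10:21:05 hyk-linux sudo[912]:    alice : command not allowed ; TTY=pts/2 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
Mar  3 10:22:00 hyk-linux sshd[811]: Accepted publickey for hyk from 192.0.2.10 port 50022 ssh2
EOF
}

# Read syslog text on stdin; print one "verdict|user|runas|reason|command"
# record per sudo command event, skipping PAM and non-sudo lines.
sudo_events() {
  awk '
    $5 ~ /^sudo(\[[0-9]+\])?:$/ && $7 == ":" {
      user = $6
      body = substr($0, index($0, " : ") + 3)   # text after "user : "
      c    = index(body, "COMMAND=")            # COMMAND= comes last here
      cmd  = c ? substr(body, c + 8) : "?"
      head = c ? substr(body, 1, c - 1) : body
      verdict = "allowed"; reason = "-"; runas = "?"
      n = split(head, part, " ; ")
      for (i = 1; i <= n; i++) {
        if (part[i] ~ /^USER=/) runas = substr(part[i], 6)
        else if (part[i] != "" && part[i] !~ /^[A-Z]+=/) {
          verdict = "denied"; reason = part[i]  # e.g. "user NOT in sudoers"
        }
      }
      printf "%s|%s|%s|%s|%s\n", verdict, user, runas, reason, cmd
    }'
}

# Only the refused attempts, which are the ones worth alerting on.
denied_attempts() { sudo_events | grep '^denied|'; }

sample_log | sudo_events
```

On a real host, feed the function the system's authentication log instead of sample_log; the log path differs between distributions.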
2.3 Use of sudo
Permission: users who appear in /etc/sudoers
Use mode: sudo -V
sudo -h
sudo -l
sudo -v
sudo -k
sudo -s
sudo -H
sudo [-b] [-p prompt] [-u username/#uid] -s
Usage: sudo command
Description: Executes the instruction as the system administrator; that is, a command executed through sudo runs as if root had run it in person.
Parameters:
-V Displays the version number
-h Displays the version number and usage instructions
-l Displays the permissions of the user executing sudo
-v sudo asks for the password on first execution or when it has not been run within N minutes (N defaults to five); this parameter performs the confirmation again, and if more than N minutes have passed it will also ask for the password
-k will force the user to perform the next