Usage of Su and sudo in Linux

Su-
#su-oldboy//When executing this command, switch to Oldboy user, and re-read the user environment-related configuration file, specifically to execute under the user home directory. Bash_profile and. bashrc files, this we become the full switch
su
#su Oldboy//execute this command when the system does not read the above two files, so we generally call it a half switch, so that after the switch over, Oldboy users still use the previous user's environment configuration information
sudo
#sudo这个命令设计初的主要目的是为了使某些用户具有特定用户的一些特殊的权限, for example, such as a A, a two person, a is a technical manager, with the company root authority on the server, B technology is not mature enough, only the general user rights, because the project reason, b need to have permission to add a user, what should I do at this time? Give B administrator permission? Is the security guaranteed? Yes, that's when sudo comes in handy ...
1)sudo the definition of this command in the/etc/sudoers file , the file content format is as follows:
User machine= COMMANDS
root all= (all) all
Oldboy all= (All)/user/sbin/useradd
User Machine = (rights to which role to authorize)/user/sbin/useradd
% User Group machine = (rights to which role to authorize)/user/sbin/useradd

2) We can use VIM to open/etc/sudoers this file, but because this file is very important to the system, so there is a special command Visudo to edit this file, when an administrator to edit this file, This file is added to the system by a "lock", meaning that multiple administrators are not allowed to edit it at the same time, which is also for the sake of system security

3) Example: For example we need Oldboy user can execute passwd command, then we need to make the following configuration:
1) #visudo//Open/etc/sudoers configuration file
2) Add the following line to the configuration file
Oldboy all= (root)/usr/sbin/useradd
3) #su-oldboy//Switch to Oldboy user
4) #sudo/usr/sbin/useradd jack//Normal user Oldboy add user Jack
of course sudoers files are not so easy to play around, assuming the following circumstances, When we want to give a good number of commands to Oldboy user permissions (the same way when we want to give a lot of users a command to use permissions or let a user login on different hosts can have such command permissions), then we change how to do? It doesn't seem that our Linux is too clumsy to write on one line ...
at this time we can look at the Sudoers man document, we will find this really very cow, cattle broke to We can define a user can only use one of the commands one of the options ... Linux solves the above problem with an alias

1) The following is a format definition for multiple users:
User_alias NAME = Gentoo, SuSE, Ubuntu,%MYGRP, Usename//Can be added to a group, you can add another user alias, here if you want to add the group to remember to add "%" in front, do not ask why, that's how it's defined.
2) The following is a format definition for multiple hosts:
Host_alias name = hostname, IP, network/mask, name//Here is the name of the host, IP address, network segment, and another alias .
3) The following is the definition of the format that runs (more than one) as the user:
Runas_alias name = user, group, #用户ID, name//Here is the user name, group name, user ID (must precede "#"), and another alias .
4) The following is a format definition for multiple commands:
cmnd_alias name = command, directory (all commands in directory), NAME//Here is a command that can be followed by a command, a directory of commands, another alias

When the SU command is executed without any parameters, it indicates that you want to switch to the root user, but doing so will encounter some problems. Because although the switch to the root user, but did not change to the root user login environment, the user's default login environment, can be found in the/etc/passwd, including home directory, Shell type and so on. The operating method of the comparison specification is "Su-". See the example below.

Example 1: switch from normal user Oldboy to root user

[[email protected] ~]$ WhoAmI #→ confirm that the current user is Oldboy
Oldboy
[[email protected] ~]$ su #→ no user will be cut to the root user. Of course, you can also use Su root.
Password: #→ Here, of course, is the root user's password.
[[email protected] oldboy]# env
Hostname=oldboy
User=oldboy
Mail=/var/spool/mail/oldboy
Pwd=/home/oldboy
Home=/root
Logname=oldboy
... Omit partially unrelated content ...
#→ Careful readers should have seen, if the use of SU instead of "-" This parameter, then the user before the switch related information will exist, which will cause a lot of trouble, and even unexpected results. Therefore, it is best to "Su-user name" when switching users. This is the standard way to switch users in a production scenario.
[[email protected] oldboy]# exit #→ exit the current user, this command can also be replaced with the Ctrl+d shortcut key command.
[[email protected] ~]$ Su-#→ with "-" parameters to switch, you can also use the Su-root command. This is the standard method of operation in a production scenario.
Password:
[email protected] ~]# Env|egrep "user| mail| pwd| LOGNAME "#→ the environment variable information results after switching. Use Egrep to filter the rows that contain the string you want to view.
User=root
Mail=/var/spool/mail/root
Pwd=/root
Logname=root
#→ This time is different from the last time, all the environment variable information has been switched to root. Therefore, please be sure to add "Su-user name" when switching users, here to remind, not only the root yo, switch to other users is the same, hehe.

The SU command summarizes:
1) Normal user switch to root user, can use Su-or su-root. You must enter the root password to complete the switchover.
2) root user switch to normal user, you can use the "Su Ordinary user name" notation. You do not need to enter any password to complete the switchover. After switching to a normal user, when executing some commands such as ifconfig, you may encounter the environment variable path path problem and can not find some system commands (usually/sbin,/usr/sbin, etc.), then you need to the normal user's path, The path content configured as root.
3) If you only want to execute a command under a user and not switch directly to the user, you can use the Su-user name-C "command" method.

Usage of Su and sudo in Linux