User Management In Ubuntu (5) grant system administrator privileges to regular users

Running commands with Super User Permissions usually involves two situations: (1) You have a Super User Account (enabled by the root account) and a regular user account; (2) you are not a regular user but do not have the permissions of Super Users (this often happens to the primary and middle-level system administrators in large multi-user networks ). Here are two cases: (1) the su command temporarily changes the user identity. In this case, you need to enable the Super User Account (which is disabled by default in Ubuntu ). When the root account is enabled,

Running commands with Super User Permissions usually involves two situations: (1) You have a Super User Account (enabled by the root account) and a regular user account; (2) you are not a regular user but do not have the permissions of Super Users (this often happens to the primary and middle-level system administrators in large multi-user networks ). Let's take a look at these two situations:

(1) The su command temporarily changes the user identity

In this case, you need to enable the Super User Account (the Super User Account is disabled by default in Ubuntu ). When the root account is enabled, you can use the sudo passwd command. Then you can run the su command to enter the root user.

The format of the su command is as follows:

Su option username arguments

Using the su command alone, you become the root user, but still keep the environment variables of your original regular user, and your current directory will not change.

You use the su-command to change to a root user and inherit the environment variables of the root user.

To change to another user, you must specify the user name in the command line: su-other_user

To return to your original user identity, use the exit command.

When you want some users to execute commands that require Super User Permissions, you can tell them the root user's password and they can use the su command to enter the root user and execute the corresponding commands.

(2) grant super user permissions to The sudo command

Sudo is used in combination with commands. The sudo command format is as follows:

Sudo command

When you enter the preceding command, sudo checks the/etc/sudoers file to check whether the user is authorized to obtain the superuser permission. If possible, the user will be prompted to enter the password of the user, and then the command will be executed, just as the root user executes the command. When using the sudo command within 15 minutes during the default setting of Ubuntu, do not enter the password again. If an unauthorized user uses the sudo command, the record is saved in the system log and notified to the Super User.

There are three man pages related to sudo: sudo, sudoers, and mongodo. The first is about the sudo command itself, the second is about the/etc/sudoers file, and the third is to use a text editor to edit the/etc/sudoers file. You need to use a special edit command because it will check the file's parse error and lock the file to prevent others from editing. The do command uses the vi editor.

The/etc/sudoers file is as follows:

#
# This file MUST be edited with the 'mongodo 'command as root.
#

# Please consider adding local content in/etc/sudoers. d/instead
# Directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults secure_path = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin: $
# Host alias specification
# User alias specification
# Cmnd alias specification

# User privilege specification
Root ALL = (ALL: ALL) ALL

# Members of the admin group may gain root privileges
% AdminALL = (ALL) ALL

# Allow members of group sudo to execute any command
% Sudo ALL = (ALL: ALL) ALL

# See sudoers (5) for more information on "# include" directives:
# Includedir/etc/sudoers. d