The su and sudo commands in Linux explained in detail: granting ordinary users special permissions

The su command and the sudo service

For the sake of security, Linux allows many system commands and services to be used only by the root administrator. This also restricts ordinary users, whose limited permissions can prevent them from completing specific tasks.



su command

The su command handles the need to switch user identities: the current user can switch to another user without logging out, for example from the root administrator to an ordinary user.

First, a minus sign (-) between the su command and the user name means switching to the new user completely, that is, the environment variables are changed to those of the new user instead of keeping the original ones. It is strongly recommended to add this minus sign (-) when switching user identities.

Second, switching users with su and the minus sign (-) places you in the new user's home directory by default, which is convenient.


I. The sudo command

The sudo command grants a specified user the right to execute specific commands. This lets ordinary users complete specific tasks and avoids disclosing the root administrator password. What we have to do is configure the sudo service sensibly, balancing the security of the system with the convenience of users. The configuration principle of the sudo service is simple: while ensuring that ordinary users can complete their work, grant as few additional permissions as possible.

The sudo command gives ordinary users extra permissions to complete tasks that originally only the root administrator could complete. Its format is "sudo [parameters] command name".

Available parameters of the sudo command and their effects

Parameter                   Effect
-h                          List help information
-l                          List the commands executable by the current user
-u username or uid value    Execute the command as the specified user
-k                          Clear the validity period of the password; the next time you execute sudo, the password must be verified again
-b                          Execute the command in the background
-p                          Change the prompt that asks for the password

visudo command

The visudo command is used to configure user permissions. Editing with this command prevents multiple users from modifying the sudoers configuration file at the same time. It also checks the syntax of the configuration file and reports an error when it finds a faulty parameter. Only the root administrator can use the visudo command.
Ordinary users' permissions are edited at line 99.
First use whereis to look up the command, then check the command location as the ordinary user.
Then use visudo to grant permission for that file at line 99. After switching to the ordinary user, run sudo + command + file location to use it.

II. Specific functions and demonstration of sudo

1. Use the whereis command

The code is as follows (example):

[root@zhuxing Desktop]# whereis cat
cat: /usr/bin/cat /usr/share/man/man1/cat.1.gz /usr/share/man/man1p/cat.1p.gz
Copy the command's file path: /usr/bin/cat

2. Use the visudo command

The code is as follows (example):

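Use the visudo command to modify the permissions of the ordinary user zhuxing, granting him permission to run the cat command.
Edit the ordinary user's permissions at line 99:
zhuxing ALL=(ALL)       /usr/bin/cat
The specific commands are as follows: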
[root@zhuxing Desktop]# visudo
[root@zhuxing Desktop]# su - zhuxing
Last login: Tue Oct 13 07:43:40 EDT 2020 on pts/0
[zhuxing@zhuxing ~]$ sudo cat /etc/shadow

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.
[sudo] password for zhuxing: (the password must be entered here)

Result: the ordinary user has been granted permission to run cat but needs to enter a password.


Use the sudo command without a password

root    ALL=(ALL)       ALL
zhuxing ALL=NOPASSWD:   /usr/bin/cat
Change the rule so that the ordinary user no longer needs a password to use sudo:
[root@zhuxing Desktop]# visudo
[root@zhuxing Desktop]# su - zhuxing
Last login: Tue Oct 13 08:17:08 EDT 2020 on pts/0
[zhuxing@zhuxing ~]$ sudo cat /etc/shadow
root:$6$1aEIprXG7Adk55tv$v376la3uqUPhgF.M0m/8D0swVKWZndKNHGqg07tOwxfZYL41RjWviPElX33X1YcEXL0Iv0wH/Itqz28vBXrAU0:18519:0:99999:7:::
bin:*:16141:0:99999:7:::
daemon:*:16141:0:99999:7:::
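
The following shell script is an added example, not part of the original post. It audits sudoers rules like the ones above against the principle of granting as few permissions as possible, flagging NOPASSWD, ALL, and commands listed without an argument list, which sudo lets the user run with any arguments (this is why sudo cat /etc/shadow succeeded above). The function names, the "auditor" user and its log path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag broad grants in sudoers user specifications.
# Assumes one rule per line: user host=(runas) [TAG:] command[, command]
# audit_sudoers and sample_sudoers are hypothetical helper names.

audit_sudoers() {
    # Reads sudoers text on stdin (or from files given as arguments) and
    # prints one "user<TAB>finding" line per issue.
    awk '
    /^[ \t]*(#|$)/ { next }                        # comments and blank lines
    $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }     # not user specifications
    {
        eq = index($0, "=")
        if (eq == 0) next
        user = $1
        spec = substr($0, eq + 1)
        sub(/^[ \t]*\([^)]*\)[ \t]*/, "", spec)     # drop the (runas) list
        if (spec ~ /NOPASSWD:/)
            print user "\tNOPASSWD: runs without a password prompt"
        gsub(/[A-Z_]+:[ \t]*/, "", spec)            # drop tags such as NOPASSWD:
        n = split(spec, cmds, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) {
            c = cmds[i]
            gsub(/^[ \t]+|[ \t]+$/, "", c)
            if (c == "") continue
            if (c == "ALL")
                print user "\tALL: every command is allowed"
            else if (c !~ /[ \t]/)                  # path only, no argument list
                print user "\t" c ": any arguments are allowed"
        }
    }' "$@"
}

sample_sudoers() {
    # Constructed sample: the first three rules are the ones shown on this
    # page; the "auditor" rule is a hypothetical narrower grant.
    cat <<'EOF'
root    ALL=(ALL)       ALL
zhuxing ALL=(ALL)       /usr/bin/cat
zhuxing ALL=NOPASSWD:   /usr/bin/cat
auditor ALL=(root)      /usr/bin/cat /var/log/messages
EOF
}

sample_sudoers | audit_sudoers
```

The "auditor" rule produces no finding because its argument list must match exactly, so that user can read only the one named file.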

Summary

Use visudo to edit the permissions of ordinary users at line 99. First use whereis to look up the command, then check the command location as the ordinary user. Use visudo at line 99 to grant permission for that file. After switching to the ordinary user, it can be used as sudo + command + file location.

Origin blog.csdn.net/SYH885/article/details/109058877