Password-free switching between ordinary Linux users with "su - user"

In some special cases, we need this method to switch automatically to another user.

As shown in the figure, when a company manages its servers through a bastion host, different server clusters use different system users for pushes: the external network cluster uses "userA" and the internal network cluster uses "userB". However, the internal network cluster must be logged in to through the bastion host, and the system user it finally uses is also userA; that is, userB automatically switches to userA immediately after logging in. This switch is transparent to the client. The advantage is that although the final login user from the bastion host is userA, the userA accounts of the internal and external network clusters can be managed separately, which makes server management more flexible and more secure.

On Linux, we can configure PAM (the files under pam.d) so that ordinary users can use the su command to become root without a password. However, we cannot use the same method to switch between ordinary users with su without a password.

In an intranet cluster, password-free switching between ordinary users takes only the following two steps:

1) Set up password-free ssh login for userB-->userA by running two commands

ssh-keygen -t rsa

ssh-copy-id -i /home/userB/.ssh/id_rsa.pub [email protected]

2) Append the following to the /home/userB/.bashrc file

ssh [email protected]

After the above operations are completed, when logged in as root you can run "su - userB" to switch users, and the user you finally end up as is userA. However, this has a flaw. After switching users with the su command or the ssh command, the exit command does not leave the server completely; it only returns to the user session from before the switch. In this setup, to get back to the root user you need to run the exit command twice.

To fix this, add step 3:

3) Append the following to the /home/userB/.bash_profile file

exit

With this step in place, running the exit command in the userA session returns directly to root, which is equivalent to userA-->root; the exit command only needs to be run once.

In this way, when userB logs in to a server of the intranet cluster through the bastion host or the Xshell tool, the server automatically switches to userA, and the exit command leaves the session completely. The switching back and forth between userB and userA is completely transparent to the client.
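
A guarded alternative to the lines appended in steps 2 and 3, as an added example that is not part of the original article: it hops only from an interactive terminal session of userB, so scp and remote commands run as userB are left alone, and it uses exec so that one exit is enough. The names HOP_TARGET, hop_decision and auto_hop and the host intranet-host.example are assumptions made for this example.

```sh
# Added example: guarded replacement for the bare ssh line in /home/userB/.bashrc.
# HOP_TARGET is a placeholder (assumption); set it to the real userA address.
HOP_TARGET="${HOP_TARGET:-userA@intranet-host.example}"

# Decide whether this shell should hop to userA. Inputs are passed as
# arguments so the logic can be checked without a real login:
#   $1 = shell option flags ($-)   $2 = "tty" if stdin is a terminal
#   $3 = name of the current user
hop_decision() {
    # bash also reads ~/.bashrc for non-interactive sshd sessions
    # (scp, remote commands); never hop from those.
    case "$1" in
        *i*) ;;
        *) echo skip-noninteractive; return 0 ;;
    esac
    [ "$2" = tty ] || { echo skip-notty; return 0; }
    [ "$3" = userB ] || { echo skip-other-user; return 0; }
    echo hop
}

auto_hop() {
    _hop_tty=notty
    if [ -t 0 ]; then _hop_tty=tty; fi
    if [ "$(hop_decision "$-" "$_hop_tty" "$(id -un)")" = hop ]; then
        # exec replaces the userB shell with ssh, so a single "exit" in the
        # userA session ends the login and no "exit" line is needed in
        # .bash_profile. BatchMode=yes makes ssh fail instead of prompting
        # for a password if key login stops working.
        exec ssh -o BatchMode=yes "$HOP_TARGET"
    fi
    unset _hop_tty
}

auto_hop
```

As with the exit line from step 3, a failed ssh connection ends the userB login, so keep another way onto the host (for example root) for repairs.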

Retrieved from https://www.linuxidc.com/Linux/2017-08/146595.htm
