Article directory
1. The su command
1. Grammar: (full English spelling: switch user)
su [-fmp] [-c command] [-s shell] [--help] [--version] [-] [USER [ARG]]
2. Parameter description:
-f或--fast:不必读启动档(如 csh.cshrc 等),仅用于 csh 或 tcsh。
-m,-p 或 --preserve-environment:执行su时不改变环境变量。
-c command 或 --command=command:切换帐号并执行指令(command)后再变回原来使用者。
-s shell或--shell=shell:指定要执行的shell(bash csh tcsh 等),预设值为 /etc/passwd 内的该使用者(USER) shell。
--help 显示说明文件
--version 显示版本资讯
-,-l 或--login:这个参数加了之后,就好像是重新 login 为该使用者一样,改变环境变量及目录。
USER 欲变更的使用者帐号
ARG 传入新的 shell 参数
3. Common examples
Switch the root account and exit and return to the original user after executing the ls command
su -c ls root
Switch to postgres without changing environment variables
su -postgres
Switch to postgres, change environment variables and working directory (there are spaces on both sides of -)
su - postgres
Two, sudo command
1. Grammar:
sudo [ -Vhl LvkKsHPSb ] │ [ -p prompt ] [ -c class│- ] [ -a auth_type ] [-u username│#uid ] command
2. Parameter description:
-V:显示版本编号。
-h:显示版本编号及指令的使用方式说明。
-l:显示出自己(执行 sudo 的使用者)的权限。
-v:sudo在第一次执行时或是在 N 分钟内没有执行(N 预设为五分钟)会问密码,这个参数是重新做一次确认,如果超过 N 分钟,也会问密码。
-k:将会强迫使用者在下一次执行 sudo 时问密码(不论有没有超过 N 分钟)。
-b:将要执行的指令放在后台执行。
-p prompt:可以更改问密码的提示语,其中 %u 会代换为使用者的帐号名称, %h 会显示主机名称。
-u username/#uid:无此参数代表要以 root 的身份执行指令,而加了此参数,可以以 username 的身份执行指令。
-s:执行环境变量中的SHELL所指定的shell,或是 /etc/passwd 里所指定的shell。
3. How to use
If you want to complete a command as another user for a short period of time, you can use the sudo command. Before using dudo, you need to modify the /etc/sudoers configuration file as root, otherwise the sudo command cannot be used. Modify the command as follows:
# sudoers文件追加写权限
chmod +w /etc/sudoers
# 编辑sudoers文件
vi /etc/sudoers
As shown in the figure above, the first ALL represents the host that can execute the sudo command (ALL represents any host); the second ALL represents the user that can execute the sudo command as the user (ALL represents the root user); the third ALL represents Commands that can be executed by sudo, multiple commands can be separated by "," (ALL means all commands)
Note: The red box in the above picture is the newly added data, which means that the postgres user can execute all commands in the /usr/bin directory, but is not allowed to execute the passwd (change password) command in this directory.
Create a test folder in the /root directory as root
sudo mkdir /root/test
As shown in the figure below, after modifying the configuration file, the postgres account can execute the mkdir command with root privileges, otherwise it will prompt "No permission to create files in this directory". The first time this command is executed, the password of the postgres account is required.
Delete the test folder in the /root directory as root
sudo rm -rf /root/test
Summarize
Word document download address: Two commonly used commands for switching users in Linux systems