Gain superuser access
Root User:
In Red Hat 7.2, the root user has higher privileges than a normal user and is used to manage the system. To perform tasks such as installing or removing software, or managing system files and directories, you must escalate to root privileges.
Most devices can be controlled only by the root user, but there are exceptions. For example, removable USB devices can be controlled by ordinary users, whereas by default only the root user can manage "fixed" disks.
The root account on Linux is roughly equivalent to the local Administrator account on Windows. On most Linux systems, the administrator logs on with a non-privileged (non-root) account and then uses one of several tools (su, sudo, PolicyKit) to gain root privileges.
Use su to switch accounts:
The su command:
Switches user. If no user name is specified, it switches to the root user; an ordinary user switching to root must enter the root password.
su -: After switching, the working directory and environment are set exactly as if the target user had logged in, whereas plain su only starts a shell under the target user's identity and keeps the current environment settings.
su -c: The equivalent of runas on Windows; it lets a program be run as any other user.
Drawback of su: ordinary users must enter the root password to use it.
sudo command:
Based on the settings in the /etc/sudoers file, a user can be allowed to run commands as root or as another user. sudo asks users to authenticate with their own password instead of the root password. This lets administrators delegate fine-grained authority for system management tasks to users without handing out the root password.
For example, if sudo is configured to allow the user redhat to run the usermod command as root, redhat can run the following command to lock a user account.
sudo provides a dedicated command for editing this file: visudo. It reports configuration errors, and it is used in much the same way as vim.
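The delegation described above, as an added example that is not from the original page: a rule that lets redhat run exactly one usermod command line as root, checked before it is installed. The account name tempuser, the file name 10-redhat-usermod and the path /usr/sbin/usermod are assumptions.

```shell
#!/bin/sh
# Added example. Assumed names: target account "tempuser", rule file
# "10-redhat-usermod", usermod installed at /usr/sbin/usermod.

# Write the delegated rule into directory $1 and print the file's path.
write_rule() {
    rule_file="$1/10-redhat-usermod"
    # user  host=(run-as user)  exact command line, no wildcards
    printf '%s\n' 'redhat ALL=(root) /usr/sbin/usermod -L tempuser' > "$rule_file"
    chmod 0440 "$rule_file"        # sudoers files should not be writable
    printf '%s\n' "$rule_file"
}

# Return 0 if the rule file is safe to install.
check_rule() {
    # Reject NOPASSWD and wildcards: redhat must authenticate, and the
    # arguments must be fixed so no extra usermod options can be appended.
    if grep -Eq 'NOPASSWD|[*?]' "$1"; then
        return 1
    fi
    # Let visudo parse the file when it is available on this host.
    if command -v visudo >/dev/null 2>&1; then
        visudo -cf "$1" >/dev/null 2>&1 || return 1
    fi
    return 0
}

# Stage the rule, check it, and only then show how it is installed and used.
stage_dir=$(mktemp -d)
staged=$(write_rule "$stage_dir")
if check_rule "$staged"; then
    echo "rule OK: $(cat "$staged")"
    echo "install: cp $staged /etc/sudoers.d/   (as root)"
    echo "use:     sudo usermod -L tempuser     (as redhat, own password)"
else
    echo "rule rejected" >&2
fi
```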
The /etc/sudoers file in detail
## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.
## (Commands that only root may run can be executed without the root user's password.)
## Examples are provided at the bottom of the file for collections
## of related commands, which can then be delegated out to particular
## users or groups. (the groups the users belong to)
##
## This file must be edited with the 'visudo' command.

## Host Aliases
## Groups of machines. You may prefer to use hostnames (perhaps using
## wildcards for entire domains) or IP addresses instead.
# Host_Alias FILESERVERS = fs1, fs2
# Host_Alias MAILSERVERS = smtp, smtp2

## User Aliases
## These aren't often necessary, as you can use regular groups
## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
## rather than USERALIAS
# User_Alias ADMINS = jsmith, mikem


# Command Aliases
## These are groups of related commands...

## Networking (aliases for network-related commands)
# Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool

## Installation and management of software
# Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum

## Services (aliases for service-related commands)

## Updating the locate database (alias for the command that updates the local database)
# Cmnd_Alias LOCATE = /usr/bin/updatedb

## Storage (aliases for disk-operation commands)
# Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount

## Delegating permissions (aliases related to delegating permissions)
# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp

## Processes (aliases for process-related commands)
# Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall

## Drivers
# Cmnd_Alias DRIVERS = /sbin/modprobe

# Defaults specification

#
# Disable "ssh hostname sudo <cmd>", because it will show the password in clear.
# You have to run "ssh -t hostname sudo <cmd>".
#
Defaults requiretty

#
# Refuse to run if unable to disable echo on the tty. This setting should also be
# changed in order to be able to use sudo without a tty. See requiretty above.
#
Defaults !visiblepw

#
# Preserving HOME has security implications since many programs
# use it when searching for configuration files. Note that HOME
# is already set when the env_reset option is enabled, so
# this option is only effective for configurations where either
# env_reset is disabled or HOME is present in the env_keep list.
#
Defaults always_set_home

Defaults env_reset
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"

#
# Adding HOME to env_keep may enable a user to run unrestricted
# commands via sudo.
#
# Defaults env_keep += "HOME"

Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin

## Next comes the main part: which users can run what software on
## which machines (the sudoers file can be shared between multiple
## systems).
## Syntax:
##
## user MACHINE=COMMANDS
## (user  login host=(identity that may be assumed)  commands that may be run)
##
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
## redhat may use full privileges; the user's own password is required
redhat ALL=(ALL) ALL
## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS

## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL

## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL

## Allows members of the users group to mount and unmount the
## cdrom as root
# %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom

## Allows members of the users group to shutdown this system
# %users localhost=/sbin/shutdown -h now

## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d
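An added example, not part of the original page or of sudo: a small shell and awk audit that reads the active lines of a sudoers file and reports the conditions the file's own comments warn about (HOME in env_keep, NOPASSWD rules, unrestricted ALL grants to anyone but root, a missing env_reset or secure_path). The finding labels and the sample input, including the %ops group, are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the active (uncommented) lines of a sudoers file.
# Finding labels such as HOME_KEPT are made up for this example.

audit_sudoers() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    $1 ~ /^Defaults/ {
        if ($0 ~ /env_reset/ && $0 !~ /!env_reset/)  reset = 1
        if ($0 ~ /secure_path/)                      spath = 1
        if ($0 ~ /env_keep/ && $0 ~ /[" ]HOME[" ]/)  print "HOME_KEPT line " NR
        if ($0 ~ /visiblepw/ && $0 !~ /!visiblepw/)  print "VISIBLEPW line " NR
        next
    }
    # Rules that skip password authentication
    /NOPASSWD:/ { print "NOPASSWD line " NR ": " $1 }
    # Unrestricted "= (runas) ALL" grants held by anyone other than root
    /=[ \t]*(\([^)]*\))?[ \t]*(NOPASSWD:[ \t]*)?ALL[ \t]*$/ && $1 != "root" {
        print "FULL_ROOT line " NR ": " $1
    }
    END {
        if (!reset) print "NO_ENV_RESET"
        if (!spath) print "NO_SECURE_PATH"
    }' "$1"
}

# Constructed sample input (not a real host's configuration).
sample_sudoers() {
    cat <<'EOF'
Defaults requiretty
Defaults env_reset
Defaults env_keep += "HOME"
root ALL=(ALL) ALL
redhat ALL=(ALL) ALL
# %wheel ALL=(ALL) NOPASSWD: ALL
%ops ALL=(ALL) NOPASSWD: ALL
EOF
}

tmp=$(mktemp)
sample_sudoers > "$tmp"
audit_sudoers "$tmp"
rm -f "$tmp"
```

The audit only reads the file it is given; drop-in files under /etc/sudoers.d have to be passed to it one by one.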