Introduction and main usage of su command
First, we need to explain what su means.
su means "switch user" "switch user"
The general usage of su is:
su <user_name>
su - <user_name>
su - -c "指令串" # 以 root 的方式执行 "指令串"
[zhangsan@localhost root]$ su - -c "tail -n 10 /etc/passwd"
密码: #输入 root 用户密码
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:999:997:User for polkitd:/:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
zhangsan:x:1000:1001::/home/zhangsan:/bin/bash
There is only one character difference between the two methods -, there will be a big difference:
If the - parameter is added, it is a login-shell method, which means that after switching to another user <user_name>, the current shell will load the environment variables and various settings corresponding to <user_name>;
If the - parameter is not added, it is a non-login-shell method, which means that I now switch to <user_name>, but the current shell still loads the environment variables and various settings of the user before the switch.
Introduction and main usage of sudo command
The full English name of sudo is super user do, which means executing commands as a super user (root user). The sudo here is different from the switch user represented by su before.
- Main usage
We often encounter Permission denied situations in Linux, such as viewing the contents of /etc/shadow as the zhangsan user. Because the contents of this file can only be viewed by the root user
[zhangsan@localhost root]$ tail -n 3 /etc/shadow
tail: 无法打开"/etc/shadow" 读取数据: 权限不够
[zhangsan@localhost root]$ sudo !!
sudo tail -n 3 /etc/shadow
[sudo] zhangsan 的密码:
ntp:!!:19104::::::
tcpdump:!!:19104::::::
zhangsan:$6$WxrcPCRU$x/jWGSH0pcF1K/IytsUPbW29cvX2PXetcnXAR15Zl1NhoCt5EYcs2tAlb/z.1K.L6ltdG7jCSJ5jBicAuumSP/:19244:0:99999:7:::
ps:实例中,我们使用了 sudo !! 这个小技巧,表示重复上面输入的命令,只不过在命令最前面加上 sudo
Because I have set the sudo command to not require a password, sudo!! here can directly output the content. If it is not set, you need to enter the password of the current user. For example, in this example, I should enter the login password of the ubuntu user.
If the interval between two adjacent sudo operations is within 5 minutes, you do not need to re-enter the password when you enter sudo for the second time; if it exceeds 5 minutes, you need to enter the password again when you enter sudo again. So a more trouble-free method is to set sudo operations to not require a password.
- Switch to root user
sudo su -
This method can also switch to the root user using login-shell, but it is different from the su - method: in the former
, after entering sudo su -, you need to provide the login password of the current user, which is the password of the ubuntu user;
After entering su -, the user needs to provide the login password of the root user.
sudo -i
This command has the same effect as sudo su -. It also switches to the root user and requires the login password of the current user.
Whether a user can use the sudo command depends on the settings of the /etc/sudoers file.
From the above view of /etc/shadow, we have seen that user zhangsan can use sudo normally. This is because zhangsan ALL=(ALL) ALL has been configured in the /etc/sudoers file.
/etc/sudoers is also a text file, but because of its specific syntax, we do not need to use vim or vi to edit it directly. We need to use
visudothis command. After entering this command, you can directly edit the /etc/sudoers file.
It should be noted that onlyrootusers have permission to usevisudothe command.
Compare the differences between the two
-
Use
su -, providerootaccount密码, you can switch to the root user; -
Use
sudo su -, provided当前用户,密码you can also switch to the root user