In the operating system, a user cannot do whatever he wants, which will cause the system to fail. Security cannot be guaranteed, so with the division of operating permissions, users in the Linux system are divided into two categories: administrator users (root) and ordinary users; the
su
command can Let an ordinary user switch to a super user or other users and temporarily have the permissions of the switched user.
su
Command[san@San ~]$ su root Password: [root@San san]#
Note: The su
command needs to enter the password of the target user when switching users to make the switch successful.
sudo
is what the system administrator allows ordinary users to execute A tool for some or all root commands (the execution identity generally requires temporarily becoming root).
sudo
Command[san@San ~]$ date Fri Apr 10 15:50:07 CST 2020 [san@San ~]$ date -s "2020-04-10 15:50:57" date: cannot set date: Operation not permitted Fri Apr 10 15:50:57 CST 2020 [san@San ~]$ sudo date -s "2020-04-10 15:52:43" [sudo] password for san: Fri Apr 10 15:52:43 CST 2020 [san@San ~]$ date
As you can see from the example, setting the system time under ordinary users will report an error and the operation is not allowed. However, if you use the sudo
command to temporarily elevate user operations, you can directly use an ordinary user to set the system time.
And sudo
is not a replacement for the shell, it is for each command, and sudo can be used for privilege escalation operations for each command. Using sudo
to escalate privileges not only reduces the root user's login and management time, but also improves security.
Note: The use of the sudo
command requires modification of the /etc/sudoers
configuration file.
/etc/sudoers
Modification of configuration filesCan any user use the sudo
command to elevate their own operations at any time? ? This is not the case. If so, the root administrator user is useless. Only when the administrator adds the specified user to /etc/sudoers
can this user perform privilege escalation operations because it is the system administrator. Centrally manage user permissions and host configuration files.
[san@San ~]$ su root Password: [root@San san]# visudo #vi /etc/sudoers 也可以,但是我们暂时不用,原因见后面 ## 在配置文件中约第100行的位置可以找到需要配置信息, 输入 :100 回车可以直接跳转至第100行 ## 将需要提权的用户信息添加到root用户信息的下方,格式雷同root即可,这里的san是我自己的用户~ ## 通过输入 :wq 回车后保存配置并退出 ## Allow root to run any commands anywhere root ALL=(ALL) ALL san ALL=(ALL)
Note: /etc/sudoers
The file cannot be modified directly using the editor due to file permissions. Even if the modification is successful, the syntax check will not be performed, so it is recommended to use visudo
command to configure.
[root@San san]# ls -l /etc/sudoers
The above is the detailed content of What are Linux command permissions?. For more information, please follow other related articles on the PHP Chinese website!