What are Linux command permissions?

1. Linux command to switch user -su (full process: switch user)

1.1 Brief description

In the operating system, a user cannot do whatever he wants, which will cause the system to fail. Security cannot be guaranteed, so with the division of operating permissions, users in the Linux system are divided into two categories: administrator users (root) and ordinary users; the

su command can Let an ordinary user switch to a super user or other users and temporarily have the permissions of the switched user.

1.2 suCommand

[san@San ~]$ su root
Password: 
[root@San san]#

Note: The su command needs to enter the password of the target user when switching users to make the switch successful.

2. Linux commands for ordinary users to execute root commands with elevated privileges

2.1 Brief description

sudo is what the system administrator allows ordinary users to execute A tool for some or all root commands (the execution identity generally requires temporarily becoming root).

2.2 sudoCommand

[san@San ~]$ date
Fri Apr 10 15:50:07 CST 2020
[san@San ~]$ date -s "2020-04-10 15:50:57"
date: cannot set date: Operation not permitted
Fri Apr 10 15:50:57 CST 2020
[san@San ~]$ sudo date -s "2020-04-10 15:52:43"
[sudo] password for san: 
Fri Apr 10 15:52:43 CST 2020
[san@San ~]$ date

As you can see from the example, setting the system time under ordinary users will report an error and the operation is not allowed. However, if you use the sudo command to temporarily elevate user operations, you can directly use an ordinary user to set the system time.

And sudo is not a replacement for the shell, it is for each command, and sudo can be used for privilege escalation operations for each command. Using sudo to escalate privileges not only reduces the root user's login and management time, but also improves security.

Note: The use of the sudo command requires modification of the /etc/sudoers configuration file.

2.3 /etc/sudoersModification of configuration files

Can any user use the sudo command to elevate their own operations at any time? ? This is not the case. If so, the root administrator user is useless. Only when the administrator adds the specified user to /etc/sudoers can this user perform privilege escalation operations because it is the system administrator. Centrally manage user permissions and host configuration files.

[san@San ~]$ su root
Password: 
[root@San san]# visudo        #vi /etc/sudoers 也可以，但是我们暂时不用，原因见后面

## 在配置文件中约第100行的位置可以找到需要配置信息， 输入 :100 回车可以直接跳转至第100行
## 将需要提权的用户信息添加到root用户信息的下方，格式雷同root即可，这里的san是我自己的用户~
## 通过输入 :wq 回车后保存配置并退出
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
san     ALL=(ALL)

Note: /etc/sudoersThe file cannot be modified directly using the editor due to file permissions. Even if the modification is successful, the syntax check will not be performed, so it is recommended to use visudo command to configure.

[root@San san]# ls -l /etc/sudoers

The above is the detailed content of What are Linux command permissions?. For more information, please follow other related articles on the PHP Chinese website!