So many people are confused about the usage and difference between root and sudo in Linux!

Feb 10, 2024 pm 02:18 PM

In Linux systems, two concepts come up constantly: the sudo command and the root account. The sudo command lets us execute a command with the highest permissions. Under the root account, every command runs with the highest permissions, as if sudo had been added in front of each command by default.


So what is the difference between sudo and root? Why do we recommend using sudo instead of using the root account directly? In this tutorial, you will learn about root access, the sudo command, how to run commands using sudo, and the difference between sudo access and root.

What is root?

root refers to the superuser account in Unix-like systems such as Linux. It is the privileged account with the highest access rights on the system used for system administration. This root/superuser account has a user identifier (UID) of zero, regardless of the account name.

The root user has full authority over the entire system (root privileges). It can do things like modify core parts of the system, upgrade the system, change system configuration, and start, stop, and restart all running system services.

When logged in as root (using su -), the terminal command prompt symbol changes from

$ echo 'You are in a normal shell'

to

# echo 'This is a root shell'

On some systems (such as Ubuntu), the root user is locked by default. (Note: Bricklayer will not be locked, but Tencent Cloud will lock it by default).

What is Sudo?

The sudo (superuser do) command is a command line utility that allows a user to execute commands as root or other users. It provides an efficient way to grant appropriate permissions to certain users to use specific system commands or run scripts as the root user.

Although somewhat similar to the su command, sudo differs in that it requires the user's password for authentication by default, rather than the target user's password that su requires. Sudo also does not spawn a root shell; instead, it runs a program or command with elevated privileges, unlike su, which spawns a root shell.

Using sudo, system administrators can perform the following operations:

  • Grant a user or group of users the ability to run certain commands with elevated or root privileges.
  • View the logs, which record the user ID of each user who uses sudo.
  • Control which commands users can run on the host system.

Sudo logs every command it executes, together with its parameters, to the /var/log/auth.log file, which can be analyzed in the event of a failure.
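To show what that log analysis can look like, here is an added example (not code from the original article) that parses sudo records as they appear in /var/log/auth.log and separates commands that ran from attempts sudo refused. The log lines, host name and user names are constructed samples.

```python
import re
from collections import defaultdict

# Constructed sample entries (not from a real host) in the layout sudo logs via syslog.
SAMPLE_LOG = """\
Feb 10 14:02:11 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
Feb 10 14:05:40 web01 sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/cat /etc/shadow
Feb 10 14:07:02 web01 sudo:    alice : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/visudo
Feb 10 14:09:15 web01 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by alice(uid=1000)
Feb 10 14:11:30 web01 sudo:    carol : TTY=pts/2 ; PWD=/srv ; USER=www-data ; COMMAND=/usr/bin/id
"""

# <timestamp> <host> sudo: <invoking user> : <fields separated by " ; ">
LINE_RE = re.compile(
    r"^(?P<ts>.+?) (?P<host>\S+) sudo(?:\[\d+\])?:\s+(?P<user>\S+) : (?P<rest>.*)$"
)
FIELD_RE = re.compile(r"^(TTY|PWD|USER|GROUP)=(.*)$")

def parse_sudo_line(line):
    """Parse one sudo command record; return None for any other log line."""
    m = LINE_RE.match(line)
    if not m or "COMMAND=" not in m["rest"]:
        return None
    # COMMAND is the last field and may contain ';', so split it off first.
    head, _, command = m["rest"].partition("COMMAND=")
    event = {"ts": m["ts"], "host": m["host"], "user": m["user"],
             "command": command, "denied": None}
    for part in filter(None, (p.strip() for p in head.split(";"))):
        field = FIELD_RE.match(part)
        if field:
            event[field[1]] = field[2]
        else:
            # Free text before the fields is sudo's refusal reason.
            event["denied"] = part
    return event

def summarize(log_text):
    """Per invoking user: commands that ran vs. attempts sudo refused."""
    report = defaultdict(lambda: {"ran": [], "denied": []})
    for line in log_text.splitlines():
        ev = parse_sudo_line(line)
        if ev is None:
            continue
        if ev["denied"]:
            report[ev["user"]]["denied"].append((ev["denied"], ev["command"]))
        else:
            report[ev["user"]]["ran"].append((ev.get("USER"), ev["command"]))
    return dict(report)
```

Calling summarize() on the text of a real auth.log gives, for each invoking user, the target account and command of every successful run plus the reason and command of every refusal.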

sudoers file

sudo uses the default sudoers security policy and maintains a special configuration file /etc/sudoers. This file can be used to control access permissions and password prompt timeouts.

Note: You must have elevated permissions to view the sudoers file

Open the /etc/sudoers file; it should look like this:

# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root    ALL=(ALL:ALL) ALL
# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "@include" directives:
@includedir /etc/sudoers.d

This line:

root    ALL=(ALL:ALL) ALL

means that the root user has unlimited permissions and can run any command on the system. This line:

%sudo   ALL=(ALL:ALL) ALL

allows all members of group sudo to execute any command.

Note: The ‘%’ in the sudoers file represents a group, not a comment.
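Each of those rules has the shape "who hosts=(run-as user:run-as group) commands". As an added example (not part of the original article), the following parser splits single-line rules into those fields and flags grants that allow any command or skip the password prompt; the deploy and monitor accounts in the sample are hypothetical, and aliases and multi-line rules are not handled.

```python
import re

# Constructed input: root and %sudo are the rules from the listing above;
# deploy and monitor are hypothetical accounts added for illustration.
SAMPLE_SUDOERS = """\
# User privilege specification
Defaults        env_reset
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
deploy  ALL=(root) /usr/bin/systemctl restart nginx
monitor ALL=(root) NOPASSWD: /usr/bin/systemctl status nginx
@includedir /etc/sudoers.d
"""

# who  hosts = (runas_user:runas_group)  [TAG:] command[, command ...]
RULE_RE = re.compile(
    r"^(?P<who>\S+)\s+(?P<hosts>[^=\s]+)\s*=\s*"
    r"(?:\((?P<runas_user>[^:)]*)(?::(?P<runas_group>[^)]*))?\)\s*)?"
    r"(?P<tags>(?:[A-Z_]+:\s*)*)(?P<commands>.+)$"
)
NOT_RULES = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")

def parse_rule(line):
    """Split one single-line user specification into its fields, else None."""
    line = line.strip()
    # '#' starts a comment, '@' an include directive (a '#uid' user is not handled).
    if not line or line[0] in "#@" or line.startswith(NOT_RULES):
        return None
    m = RULE_RE.match(line)
    if not m:
        return None
    rule = m.groupdict()
    rule["is_group"] = rule["who"].startswith("%")  # '%' marks a group
    rule["tags"] = [t.strip() for t in rule["tags"].split(":") if t.strip()]
    rule["commands"] = [c.strip() for c in rule["commands"].split(",")]
    return rule

def audit(text):
    """Return (who, finding) pairs for grants that deserve a second look."""
    findings = []
    for raw in text.splitlines():
        rule = parse_rule(raw)
        if rule is None:
            continue
        if "ALL" in rule["commands"]:
            findings.append((rule["who"], "may run any command"))
        if "NOPASSWD" in rule["tags"]:
            findings.append((rule["who"], "no password prompt"))
    return findings
```

On the sample, audit() reports root and %sudo as unrestricted and monitor as passwordless, while the deploy rule, limited to one command, produces no finding.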

As can be seen from the first line of the /etc/sudoers file:

# This file MUST be edited with the 'visudo' command as root

Do not attempt to edit the sudoers file directly. Use the visudo command with root privileges.

Running a command using sudo is very simple, just add sudo in front of the command:

$ sudo command

Generally speaking, you will be prompted to enter a password. Enter the password and press Enter.

$ sudo command
[sudo] password for user:

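Sudo vs. Root

The principle of least privilege is an information and computer security concept which holds that programs and users should be granted only the minimum privileges needed to perform their tasks.

When you are logged in as root, every command typed into the terminal runs with the highest privileges on the system, which violates the principle of least privilege. A simple command such as rm can be used to delete core root directories or files without prompting the user in case of an accident. For example, suppose you try to delete a root directory such as /etc with the following command:

$ rm -rf /etc

When you are logged in as a normal user, permission is denied. When you are logged in as root, no prompt is shown and the entire folder is deleted, which will most likely break your system, because the special configuration files needed to run the system are stored in the /etc directory. You could also end up formatting a disk by mistake, and the system would not prompt you.

This weakness also extends to running code or applications as root; a small bug in an application could delete some system files, because the application is running with the highest privileges.

Sudo provides fine-grained access control. It grants elevated privileges only to the specific program that needs them. You know which program is running with elevated privileges, instead of using a root shell (which runs every command with root privileges).

Sudo can also be configured to run commands as another user, to specify which users and groups are allowed to run commands with sudo, or, by editing the sudoers file, to set a timeout for running programs with root privileges.

Therefore, running commands from a root shell is not recommended, because your chances of breaking the system are much higher. If you need elevated or root privileges to run a command, use sudo to make sure that only that command runs with root privileges.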
