SU & SUDO Commands in RHEL \ Linux \ CentOs

#DecodeITeS

The su (short for substitute or switch user) utility allows us to run commands with the privileges of another user, by default the root user.
Using su is the simplest way to switch to the administrative account in the current login session.
This is especially handy when the root user is not allowed to log in to the system through ssh or using the GUI display manager.

The general syntax for the su command is as follows:
su [OPTIONS] [USER [ARGUMENT...]]
When invoked without any option, the default behavior of su is to run an interactive shell as root:
su
We will then be prompted to enter the root password, and if authenticated the user running the command temporarily becomes root.
The session shell (SHELL) and home (HOME) environment variables are set from the substitute user’s /etc/passwd entry, and the current directory is not changed.
To confirm that the user is changed, use the whoami command:
whoami
The command will print the name of the user running the current shell session:
root

The most commonly used option when invoking su is -, -l, --login. This makes the shell a login shell with an environment very similar to a real login and changes the current directory to the target user's home:
su -
If you want to run another shell instead of the one defined in the passwd file, use the -s, --shell option. For example, to switch to the root and to run the zsh shell you would type:
su -s /usr/bin/zsh
To preserve the entire environment (HOME, SHELL, USER, and LOGNAME) of the calling user use the -p, --preserve-environment option.
su -p
When the - option is used -p is ignored.

If we want to run a command as the substitute user without starting an interactive shell, use the -c, --command option. The command and its arguments must be passed as a single quoted string, otherwise the shell splits them and -l would be taken as an argument to su. For example, to invoke the ls -l command as root we would type:
su -c "ls -l"
To switch to another user account, pass the user name as an argument to su. For example, to switch to the user user1 we would type:
su user1

sudo allows a permitted user to execute a command as the superuser or as another user, as specified in the sudoers file.
The real and effective uid and gid are set to match those of the target user as specified in the passwd file, and the group vector is initialized based on the group file (unless the -P option was specified).
If the invoking user is root or if the target user is the same as the invoking one, no password is required.
Otherwise, sudo requires users to authenticate themselves with a password by default (NOTE: in the default configuration this is the user’s own password, not the root password).
Once a user has been authenticated, a timestamp is updated and the user may then use sudo without a password for a very short period of time (5 minutes unless overridden in sudoers).
When invoked as sudoedit, the -e option (described next) is implied.

sudo determines who is an authorized user by consulting the file /etc/sudoers. By giving sudo the -v flag, a user can update the time stamp without running a command. The password prompt itself will also time out if the user’s password is not entered within 5 minutes (unless overridden via sudoers).
If a user who is not listed in the sudoers file tries to run a command via sudo, mail is sent to the proper authorities, as defined at configure time or in the sudoers file (defaults to root). Note that the mail will not be sent if an unauthorized user tries to run sudo with the -l or -v flags. This allows users to determine for themselves whether or not they are allowed to use sudo.
If sudo is run by root and the SUDO_USER environment variable is set, sudo will use this value to determine who the actual user is. This can be used by a user to log commands through sudo even when a root shell has been invoked. It also allows the -e flag to remain useful even when being run via a sudo-run script or program. Note, however, that the sudoers lookup is still done for root, not the user specified by SUDO_USER.
sudo can log both successful and unsuccessful attempts (as well as errors) to syslog(3), a log file, or both. By default, sudo will log via syslog(3) but this is changeable at configure time or via the sudoers file.
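As an added example (not from the video or the sudo project), here is a small POSIX shell parser for the syslog lines sudo writes by default, run over a constructed sample log. It separates executed commands from refused ones (wrong password, user not in sudoers, command not allowed) so the refused attempts described above can be pulled out for review; the host name, users and commands in the sample are made up.

```shell
#!/bin/sh
# Constructed sample of sudo syslog lines (not real log data); the host name,
# users and commands are made up for this example.
SAMPLE_LOG='Mar  3 10:01:12 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls -l
Mar  3 10:02:40 web1 sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/cat /var/log/secure
Mar  3 10:03:05 web1 sudo:    alice : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/id
Mar  3 10:04:11 web1 sudo:    carol : command not allowed ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/sbin/visudo
Mar  3 10:05:00 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/id'

# parse_sudo_log LOGTEXT
# Prints one line per sudo event: "<status> <invoking user> <target user> <command>".
# status is "ok" for an executed command, otherwise one of
# not_in_sudoers, bad_password or not_allowed.
parse_sudo_log() {
    printf '%s\n' "$1" | awk '
        / sudo: / {
            sub(/^.* sudo: +/, "")          # keep only the part after "sudo:"
            n = split($0, f, / ; /)         # fields are separated by " ; "
            split(f[1], head, / : /)        # "user : <status or TTY=...>"
            user = head[1]
            status = "ok"
            if (head[2] ~ /NOT in sudoers/) status = "not_in_sudoers"
            else if (head[2] ~ /incorrect password/) status = "bad_password"
            else if (head[2] ~ /command not allowed/) status = "not_allowed"
            target = ""; cmd = ""
            for (i = 1; i <= n; i++) {
                if (f[i] ~ /^USER=/) target = substr(f[i], 6)
                if (f[i] ~ /^COMMAND=/) cmd = substr(f[i], 9)
            }
            print status, user, target, cmd
        }'
}

# count_sudo_failures LOGTEXT
# Number of events sudo refused (wrong password, not in sudoers, command not allowed).
count_sudo_failures() {
    parse_sudo_log "$1" | awk '$1 != "ok" { n++ } END { print n + 0 }'
}

# Example run: list only the refused events for review.
parse_sudo_log "$SAMPLE_LOG" | awk '$1 != "ok"'
```

On a RHEL/CentOS host the same functions can be fed the real file with `parse_sudo_log "$(grep ' sudo: ' /var/log/secure)"`, provided the default syslog logging has not been redirected in sudoers.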