termpermissiondenied

permissiondenied  时间:2021-03-17  阅读:()
HentzenwerkeWhitepaperSeriesRoot,SUandSUDOByWhilHentzenTheLinux"root"userhaswhatmanysystemadminsrefertoas'god'powers–completecontroloverthemachineandenvironment.
Inthenextbreath,anycompetentsysadminwilladmonishyoutoavoidlogginginasrootunlessabsolutelynecessary,andthenthey'lladdforeffect,"andit'salmostnevernecessary.
"ButthenewLinuxadminoruserwillfindthatrootaccessseemstobenecessaryalotmorethantheiradminfriendletson.
Thereasontheexperiencedadmindoesn'tneedtologonasrootisthatthey'vegotacoupleofrootaccesstricksuptheirsleeve,namely,the'su'and'sudo'commands.
Inthisarticle,I'llexplainhowtouse'su'and'sudo'toavoidalotofrootlogins.
HentzenwerkePublishing,Inc.
articles@hentzenwerke.
comwww.
hentzenwerke.
comRoot,SUandSUDOPage21.
Preface1.
1CopyrightCopyright2006andbeyondWhilHentzen.
Somerightsreserved.
ThisworkislicensedundertheCreativeCommonsAttribution-NonCommercial-NoDerivsLicense,whichbasicallymeansthatyoucancopy,distribute,anddisplayonlyunalteredcopiesofthiswork,butinreturn,youmustgivetheoriginalauthorcredit,youmaynotdistributetheworkforcommercialgain,norcreatederivativeworksbasedonitwithoutfirstlicensingthoserightsfromtheauthor.
Toviewacopyofthislicense,visithttp://creativecommons.
org/licenses/by-nc-nd/2.
0/.
1.
2Revisions1.
2.
1HistoryVersionDateSynopsisAuthor1.
0.
02006/11/04OriginalWH1.
2.
2NewversionThenewestversionofthisdocumentwillbefoundatwww.
hentzenwerke.
com.
1.
2.
3FeedbackandcorrectionsIfyouhavequestions,comments,orcorrectionsaboutthisdocument,pleasefeelfreetoemailmeat'articles@hentzenwerke.
com'.
Ialsowelcomesuggestionsforpassagesyoufindunclear.
1.
3ReferencesandacknowledgmentsThankstomanyMLUGmembersforvarioustipsandtricks,andfornotlaughingwhenIaskeddumbquestions.
1.
4DisclaimerNowarranty!
Thismaterialisprovidedasis,withnowarrantyoffitnessforanyparticularpurpose.
Usetheconcepts,examplesandothercontentatyourownrisk.
Theremaybeerrorsandinaccuraciesthatinsomeconfigurationsmaybedamagingtoyoursystem.
Theauthor(s)disavowsallliabilityforthecontentsofthisdocument.
Beforemakinganychangestoyoursystem,ensurethatyouhavebackupsandotherresourcestorestorethesystemtoitsstatebeforemakingthosechanges.
Allcopyrightsareheldbytheirrespectiveowners,unlessspecificallynotedotherwise.
Useofaterminthisdocumentshouldnotberegardedasaffectingthevalidityofanytrademarkorservicemark.
Namingofparticularproductsorbrandsshouldnotbeseenasendorsements.
1.
5PrerequisitesandassumptionsThisdocumentwaswrittenusingFedoraCore6,andassumesabeginner'sfamiliaritywithuseofLinuxviatheGUIandtheCommandWindow.
Ialsoassumethatyou,asaregularuser,haverootaccesstoyourmachine.
TherestofthisarticleusestheCommandWindowforitsexamplesandexercises.
2.
Commandpromptsfortherootuservs.
regularusersThecommandwindowpromptendseitherinadollarsign($)orapoundsign(#).
The$meansthatyouareloggedonasaregularuser.
The#meansyouareloggedonasroot.
HowdoyourememberthedifferenceSomepeoplerefertothepoundsignasa'splat',whichisexactlywhatyou'lldoasarootuserifyouaren'tsureaboutacommandandyou'renotcareful.
3.
ChangingtorootinsidethecommandwindowYoucanchangetorootafteropeningacommandwindowinoneoftwoways:via"su"andvia"su-".
3.
1.
The"su"commandThefirstisbyusingthe'su'command:[bob@mymachine~]$suPassword:HentzenwerkePublishing,Inc.
articles@hentzenwerke.
comwww.
hentzenwerke.
comRoot,SUandSUDOPage3[root@mymachinebob]#Thepasswordisfortherootuser,nottheregularuserwhowasoriginallyloggedin.
Notethatyou'restillintheuser'shomedirectory,butnowyou'reroot,whichmeansthatyouhavegodlikepowers.
You'llalsonoticethatthetitlebarofthecommandwindowhasalsochanged.
Youcanmakeanychangeyouwanttothesystem,suchasinstallsoftware,deletefiles,getintoanyoneelse'shomedirectory,andgenerallycauseallsortsofhavocifyou'renotcareful.
Forexample,"rm-rf/"willdestroyeveryfileonthemachineinaboutfiveblimptsoseconds.
3.
2.
The"su-"commandThesecondwayisusingthe"su-"command:[bob@mymachine~]$su-Password:[root@mymachine~]#Ifyouusethismethod,you'llnotethatboththepromptstringandthetitlebarhavechanged.
Alsonotethatyou'renowintherootuser'shomedirectory("/root")insteadoftheoriginaluser'shomedirectory("/home/bob").
thereasonisthatthe"-"afterthe"su"commandbringsroot'senvironmentalongwithit.
What'sanenvironmentIt'sagroupofsettings,suchastheprompt,systemvariables,andsoon,thatbelongtoaspecificuser.
Thehomedirectory,forexample,isonesuchsetting,andthecommandpromptstringisanother.
Thesecanbedifferent(andoftenare)fordifferentusers.
Whenyouusethe"su"command,you'rejustgainingrootprivileges,butyou'restillworkingintheoriginaluser'senvironment,withtheoriginaluser'spath,prompt,homedirectory,andsystemvariables.
Whenyouusethe"su-"command,youswitchyourenvironmenttothatofroot,andthat'swhyyou'resuddenlylauchedintoroot'shomedirectory.
"su-"isshortfor"su-l"or"su–login",bytheway.
4.
UsingSUDOforasingle"su"commandOftentimesyou'llfindyourselfswitchingtotherootuservia'su'inordertorunjustonecommand.
Itcanbeanuisanceifyou'redoingthisoverandover.
Youmightwanttokeepaspareterminalwindowopenandsetupasroot,butontheotherhand,youmightfindthattobetoomuchofatemptation,orjusttoodangerous.
The"sudo"commandallowsyoutogetaroundthis.
Specifically,"sudo"("SuperUserDO"),afterbeingsetupbyasystemadministrator,givesausertheabilitytorunacommandasanotheruser.
Whensetuptoallowausertorunacommandasroot,"sudo"obviatestheneedfortheregularuserto"su"torootbeforerunningthatcommand.
Asanaside,thecommandsandargumentsthattheregularuserexecutesvia"sudo"arelogged.
4.
1Setup"sudoers"Inordertouse"sudo"asaregularuser,therootuserhastomakeanentryinaspecialfile,"/etc/sudoers",thatprovidespermissionfortheusertorunaspecificallydesignatedcommandasanotherdesignateduseronadesignatedhost.
Thisisdonewithaspecialprogramcalled"visudo".
While"sudoers"isjustaplaintextfile,youareadvisedtoedititasadvised,usingthe'visudo'programinsteadofjustopening"/etc/sudo"withyourfavoritetexteditorisrecommendedforacoupleofreasons.
First,"visudo"willdosyntaxcheckingtomakesurethattheentryorentriesyou'vemadearecorrect,andsecond,conveniently,"visudo"knowswhere"sudoers"islocated.
Somefolkswillclaimthattheyedit"sudoers"withtheirowneditorandhaveneverhadproblems,butthisisn'tforinexperiencedorthefaintofheart.
Inordertogivetheuser"bob"theabilitytorunthe"kill"commandonhost'mymachine',run"visudo"asroot.
You'llseethatthe"/etc/sudoers"fileisopenedwiththevitexteditor,soyou'vegotaccesstostandardvicommandsincommandmodeandviedtiingininsertmode.
Themanualfor"sudo"(seeSection5formoreinfo)providesawealthofinformationonhowtoconstructentriesin"sudoers",astheycanberobustandextremelyflexible,providingtheabilitytocreatealiasesforusers,hostsandcommands.
Themanualcanthusalsobeoverwhelming,sohereareacoupleofsimpleexamples.
Toallow"bob"torunthescript"/etc/somescript"bobmymachine=/etc/somescriptToallow"bob"torunthe/usr/bin/killcommandbobmymachine=/usr/bin/killandtoallow"bob"torunthe/bin/lscommand,HentzenwerkePublishing,Inc.
articles@hentzenwerke.
comwww.
hentzenwerke.
comRoot,SUandSUDOPage4bobmymachine=/bin/ls4.
2Run"sudo"Oncethe"sudoers"commandhasbeenmodified,it'stimefor"bob"tousesudotosnooparound.
Normally,bobcan'taccessthecontentsoftherootuser'shomedirectory:[bob@mymchine~]$ls/rootls:/root:Permissiondeniedasexpected.
Butusing"sudo"andenteringroot'spassword,bobcanbenosy:[bob@mymachine~]$sudols/rootPassword:anaconda-ks.
cfgDesktopinstall.
logscsrun.
logsomething_secret[bob@mymachine~]$Afterthecommandexecutes,theuserisreturnedtotheiroriginalpermissions;sudoallowed'bob'torunjustonecommandasroot,asdesired.
5.
WheretogoformoreinformationNaturally,"mansudo"willprovidedetailedreferenceinformation,butthere'sagreatmanualwithexamplesgaloreatsudo'shomepage,www.
sudo.
ws.
6.
AbouttheauthorWhilHentzenstartedoutlifeintheearly'80'sasacustomsoftwaredeveloperusingdBASEII(hestillhastheoriginal81/2x11greybinderofdocumentation,muchtothechagrinofhiswife),andswitchedtoFoxProin1990.
Besidesbilling15,000hoursinthe90's,hepresentedmorethan70papersatconferencesthroughoutNorthAmericaandEurope,editedFoxTalk,PinnaclePublishing'shighendtechnicaljournalfor7years,hostedtheGreatLakesGreatDatabaseWorkshopsince1994.
He'swritten7booksandpublished30moreonavarietyofsoftwaredevelopmenttopics.
HewasaMicrosoftMostValuableProfessionalfrom1995through2003forhiscontributionstotheFoxProdevelopmentcommunity,andreceivedthefirstMicrosoftLifetimeAchievementAwardforVisualFoxProin2001.
WhilbeganusingLinuxonthedesktopwhenOpenOffice.
orgbecameastandardinthemainstreamdistributions,asitspelledpotentialforcustomapplicationdevelopmentinthefuture,andhasbeenaLinuxuser,developer,andevangelisteversince.
HisfirstbookonLinux,LinuxTransferforWindowsPowerUsers,waspublishedinearly2004.
HeisavailablefornewandlegacyVisualFoxProapplicationdevelopmentaswellasWebanddesktopdevelopmentonLinux.
7.
AwordfromoursponsorThisfreewhitepaperispublishedanddistributedbyHentzenwerkePublishing,Inc.
Wehavethelargestlistsof"MovingtoLinux",OpenOffice.
org,andVisualFoxProbooksontheplanet.
Wealsohaveoodlesoffreewhitepapersonourwebsiteandmorearebeingaddedregularly.
OurPreferredCustomermailinglistgetsbi-monthlyannouncementsofnewwhitepapers(andgetsdiscountsonourbooks,firstcrackatspecialdeals,andotherstuffaswethinkofit.
)Clickon"YourAccount"atwww.
hentzenwerke.
comtogetonourPreferredCustomerlist.
Ifyoufoundthiswhitepaperhelpful,checkouttheseHentzenwerkePublishingbooksaswell:LinuxTransferforWindowsNetworkAdmins:AroadmapforbuildingaLinuxfileandprintserverMichaelJangLinuxTransferforWindowsPowerUsers:GettingstartedwithLinuxforthedesktopWhilHentzenHentzenwerkePublishing,Inc.
articles@hentzenwerke.
comwww.
hentzenwerke.
com

Megalayer 香港CN2优化线路VPS主机速度和性能综合评测

对于Megalayer云服务器提供商在之前也有对于他们家的美国服务器和香港服务器进行过评测和介绍,但是对于大部分网友来说需要独立服务器和站群服务器并不是特别的普及,我们很多网友使用较多的还是云服务器或者VPS主机比较多。在前面也有在"Megalayer新增香港VPS主机 1GB内存 50GB SSD 2M带宽 月59元"文章中有介绍到Megalayer商家有新增香港CN2优化VPS主机。那时候看这...

恒创科技SonderCloud,美国VPS综合性能测评报告,美国洛杉矶机房,CN2+BGP优质线路,2核4G内存10Mbps带宽,适用于稳定建站业务需求

最近主机参考拿到了一台恒创科技的美国VPS云服务器测试机器,那具体恒创科技美国云服务器性能到底怎么样呢?主机参考进行了一番VPS测评,大家可以参考一下,总体来说还是非常不错的,是值得购买的。非常适用于稳定建站业务需求。恒创科技服务器怎么样?恒创科技服务器好不好?henghost怎么样?henghost值不值得购买?SonderCloud服务器好不好?恒创科技henghost值不值得购买?恒创科技是...

无法忍受旧版不兼容PHP7+主题 更换新主题

今天父亲节我们有没有陪伴家人一起吃个饭,还是打个电话问候一下。前一段时间同学将网站账户给我说可以有空更新点信息确保他在没有时间的时候还能保持网站有一定的更新内容。不过,他这个网站之前采用的主题也不知道来源哪里,总之各种不合适,文件中很多都是他多年来手工修改的主题拼接的,并非完全适应WordPress已有的函数,有些函数还不兼容最新的PHP版本,于是每次出现问题都要去排查。于是和他商量后,就抽时间把...

permissiondenied为你推荐
留学生认证留学生为什么要做学历认证?老虎数码相机里的传感器CCD和CMO是什么意思?陈嘉垣陈浩民、马德钟强吻女星陈嘉桓,求大家一个说法。曲妙玲张婉悠香艳版《白蛇传》是电影还是写真集?月神谭适合12岁男孩的网名,要非主流的,帮吗找找,谢啦www.7788dy.comwww.tom365.com这个免费的电影网站有毒吗?www.22zizi.com乐乐电影天堂 http://www.leleooo.com 这个网站怎么样?m.yushuwu.org花样滑冰名将YU NA KIM的资料谁有?朴容熙给我介绍几个韩国 ulzzang 最好是像柳惠珠那样的 不要出道的...29ff.comhttp://fcm.com在哪里输入这个网址啊
域名空间购买 域名备案流程 互联网域名管理办法 长沙服务器 网盘申请 e蜗 183是联通还是移动 hkg 共享主机 免费活动 流量计费 tna官网 中国电信测速网 美国免费空间 如何用qq邮箱发邮件 卡巴斯基破解版 华为云盘 512mb 秒杀品 网页加速 更多