Hentzenwerke Whitepaper Series

Root, SU and SUDO

By Whil Hentzen

The Linux "root" user has what many system admins refer to as 'god' powers – complete control over the machine and environment. In the next breath, any competent sysadmin will admonish you to avoid logging in as root unless absolutely necessary, and then they'll add for effect, "and it's almost never necessary." But the new Linux admin or user will find that root access seems to be necessary a lot more than their admin friend lets on. The reason the experienced admin doesn't need to log on as root is that they've got a couple of root access tricks up their sleeve, namely, the 'su' and 'sudo' commands. In this article, I'll explain how to use 'su' and 'sudo' to avoid a lot of root logins.

Hentzenwerke Publishing, Inc.
articles@hentzenwerke.com
www.hentzenwerke.com

1. Preface

1.1 Copyright

Copyright 2006 and beyond Whil Hentzen. Some rights reserved. This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivs License, which basically means that you can copy, distribute, and display only unaltered copies of this work, but in return, you must give the original author credit, you may not distribute the work for commercial gain, nor create derivative works based on it without first licensing those rights from the author. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-nd/2.0/.

1.2 Revisions

1.2.1 History

Version  Date        Synopsis  Author
1.0.0    2006/11/04  Original  WH

1.2.2 New version

The newest version of this document will be found at www.hentzenwerke.com.

1.2.3 Feedback and corrections

If you have questions, comments, or corrections about this document, please feel free to email me at 'articles@hentzenwerke.com'. I also welcome suggestions for passages you find unclear.

1.3 References and acknowledgments

Thanks to many MLUG members for various tips and tricks, and for not laughing when I asked dumb questions.

1.4 Disclaimer

No warranty! This material is provided as is, with no warranty of fitness for any particular purpose. Use the concepts, examples and other content at your own risk. There may be errors and inaccuracies that in some configurations may be damaging to your system. The author(s) disavows all liability for the contents of this document. Before making any changes to your system, ensure that you have backups and other resources to restore the system to its state before making those changes. All copyrights are held by their respective owners, unless specifically noted otherwise. Use of a term in this document should not be regarded as affecting the validity of any trademark or service mark. Naming of particular products or brands should not be seen as endorsements.

1.5 Prerequisites and assumptions

This document was written using Fedora Core 6, and assumes a beginner's familiarity with use of Linux via the GUI and the Command Window. I also assume that you, as a regular user, have root access to your machine. The rest of this article uses the Command Window for its examples and exercises.

2. Command prompts for the root user vs. regular users

The command window prompt ends either in a dollar sign ($) or a pound sign (#). The $ means that you are logged on as a regular user. The # means you are logged on as root. How do you remember the difference? Some people refer to the pound sign as a 'splat', which is exactly what you'll do as a root user if you aren't sure about a command and you're not careful.

3. Changing to root inside the command window

You can change to root after opening a command window in one of two ways: via "su" and via "su -".

3.1. The "su" command

The first is by using the 'su' command:

    [bob@mymachine ~]$ su
    Password:
    [root@mymachine bob]#

The password is for the root user, not the regular user who was originally logged in. Note that you're still in the user's home directory, but now you're root, which means that you have godlike powers. You'll also notice that the title bar of the command window has also changed. You can make any change you want to the system, such as install software, delete files, get into anyone else's home directory, and generally cause all sorts of havoc if you're not careful. For example, "rm -rf /" will destroy every file on the machine in about five blimptsoseconds.

3.2. The "su -" command

The second way is using the "su -" command:

    [bob@mymachine ~]$ su -
    Password:
    [root@mymachine ~]#

If you use this method, you'll note that both the prompt string and the title bar have changed. Also note that you're now in the root user's home directory ("/root") instead of the original user's home directory ("/home/bob"). The reason is that the "-" after the "su" command brings root's environment along with it.

What's an environment? It's a group of settings, such as the prompt, system variables, and so on, that belong to a specific user. The home directory, for example, is one such setting, and the command prompt string is another. These can be different (and often are) for different users.

When you use the "su" command, you're just gaining root privileges, but you're still working in the original user's environment, with the original user's path, prompt, home directory, and system variables. When you use the "su -" command, you switch your environment to that of root, and that's why you're suddenly launched into root's home directory. "su -" is short for "su -l" or "su --login", by the way.

4. Using SUDO for a single "su" command

Oftentimes you'll find yourself switching to the root user via 'su' in order to run just one command. It can be a nuisance if you're doing this over and over. You might want to keep a spare terminal window open and set up as root, but on the other hand, you might find that to be too much of a temptation, or just too dangerous.

The "sudo" command allows you to get around this. Specifically, "sudo" ("SuperUser DO"), after being set up by a system administrator, gives a user the ability to run a command as another user. When set up to allow a user to run a command as root, "sudo" obviates the need for the regular user to "su" to root before running that command. As an aside, the commands and arguments that the regular user executes via "sudo" are logged.

4.1 Setup "sudoers"

In order to use "sudo" as a regular user, the root user has to make an entry in a special file, "/etc/sudoers", that provides permission for the user to run a specifically designated command as another designated user on a designated host. This is done with a special program called "visudo".

While "sudoers" is just a plain text file, editing it with the 'visudo' program instead of just opening "/etc/sudoers" with your favorite text editor is recommended for a couple of reasons. First, "visudo" will do syntax checking to make sure that the entry or entries you've made are correct, and second, conveniently, "visudo" knows where "sudoers" is located. Some folks will claim that they edit "sudoers" with their own editor and have never had problems, but this isn't for the inexperienced or the faint of heart.

In order to give the user "bob" the ability to run the "kill" command on host 'mymachine', run "visudo" as root. You'll see that the "/etc/sudoers" file is opened with the vi text editor, so you've got access to standard vi commands in command mode and vi editing in insert mode.

The manual for "sudo" (see Section 5 for more info) provides a wealth of information on how to construct entries in "sudoers", as they can be robust and extremely flexible, providing the ability to create aliases for users, hosts and commands. The manual can thus also be overwhelming, so here are a couple of simple examples.

To allow "bob" to run the script "/etc/somescript":

    bob mymachine=/etc/somescript

To allow "bob" to run the /usr/bin/kill command:

    bob mymachine=/usr/bin/kill

and to allow "bob" to run the /bin/ls command:

    bob mymachine=/bin/ls

4.2 Run "sudo"

Once the "sudoers" file has been modified, it's time for "bob" to use sudo to snoop around. Normally, bob can't access the contents of the root user's home directory:

    [bob@mymachine ~]$ ls /root
    ls: /root: Permission denied

as expected. But using "sudo" and entering root's password, bob can be nosy:

    [bob@mymachine ~]$ sudo ls /root
    Password:
    anaconda-ks.cfg  Desktop  install.log  scsrun.log  something_secret
    [bob@mymachine ~]$

After the command executes, the user is returned to their original permissions; sudo allowed 'bob' to run just one command as root, as desired.
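
The syntax checking that section 4.1 credits to "visudo" can also be run on a scratch file before anything is typed into "/etc/sudoers". The script below is an added example, not part of the original whitepaper: it writes the three rules for "bob" to a temporary file, grouped with the user, host and command aliases the manual describes (which goes one step beyond the page's one-line entries), and checks the file with visudo's check-only mode (-c) on an alternate file (-f). The function names and the alias names OPERATORS, WORKSTATIONS and BOB_CMDS are hypothetical.

```shell
#!/bin/sh
# Added example (not from the whitepaper): syntax-check candidate sudoers
# text with "visudo -c -f" before it is merged into /etc/sudoers.
# Function names and alias names are hypothetical.

# Write the page's three rules for bob, grouped with aliases, to file $1.
write_candidate() {
    cat > "$1" <<'EOF'
# Alias names must be upper case. Rule format: user host = command(s)
User_Alias  OPERATORS    = bob
Host_Alias  WORKSTATIONS = mymachine
Cmnd_Alias  BOB_CMDS     = /etc/somescript, /usr/bin/kill, /bin/ls
OPERATORS   WORKSTATIONS = BOB_CMDS
EOF
}

# Exit status: 0 = visudo accepts the file, 1 = visudo rejects it,
# 2 = visudo is not installed, so nothing was checked.
check_candidate() {
    command -v visudo >/dev/null 2>&1 || return 2
    if visudo -c -f "$1" >/dev/null 2>&1; then return 0; else return 1; fi
}

candidate=$(mktemp)
write_candidate "$candidate"
rc=0
check_candidate "$candidate" || rc=$?
case $rc in
    0) echo "syntax OK: safe to copy these lines in with visudo" ;;
    1) echo "syntax error: do not install" ;;
    2) echo "visudo not found: nothing checked" ;;
esac
rm -f "$candidate"
```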

5. Where to go for more information

Naturally, "man sudo" will provide detailed reference information, but there's a great manual with examples galore at sudo's home page, www.sudo.ws.

6. About the author

Whil Hentzen started out life in the early '80's as a custom software developer using dBASE II (he still has the original 8 1/2 x 11 grey binder of documentation, much to the chagrin of his wife), and switched to FoxPro in 1990. Besides billing 15,000 hours in the 90's, he presented more than 70 papers at conferences throughout North America and Europe, edited FoxTalk, Pinnacle Publishing's high end technical journal for 7 years, and hosted the Great Lakes Great Database Workshop since 1994. He's written 7 books and published 30 more on a variety of software development topics. He was a Microsoft Most Valuable Professional from 1995 through 2003 for his contributions to the FoxPro development community, and received the first Microsoft Lifetime Achievement Award for Visual FoxPro in 2001.

Whil began using Linux on the desktop when OpenOffice.org became a standard in the mainstream distributions, as it spelled potential for custom application development in the future, and has been a Linux user, developer, and evangelist ever since. His first book on Linux, Linux Transfer for Windows Power Users, was published in early 2004. He is available for new and legacy Visual FoxPro application development as well as Web and desktop development on Linux.

7. A word from our sponsor

This free whitepaper is published and distributed by Hentzenwerke Publishing, Inc. We have the largest lists of "Moving to Linux", OpenOffice.org, and Visual FoxPro books on the planet. We also have oodles of free whitepapers on our website and more are being added regularly. Our Preferred Customer mailing list gets bi-monthly announcements of new whitepapers (and gets discounts on our books, first crack at special deals, and other stuff as we think of it.) Click on "Your Account" at www.hentzenwerke.com to get on our Preferred Customer list.

If you found this whitepaper helpful, check out these Hentzenwerke Publishing books as well:

    Linux Transfer for Windows Network Admins: A roadmap for building a Linux file and print server
    Michael Jang

    Linux Transfer for Windows Power Users: Getting started with Linux for the desktop
    Whil Hentzen