termpermissiondenied

permissiondenied  时间:2021-03-17  阅读:()
HentzenwerkeWhitepaperSeriesRoot,SUandSUDOByWhilHentzenTheLinux"root"userhaswhatmanysystemadminsrefertoas'god'powers–completecontroloverthemachineandenvironment.
Inthenextbreath,anycompetentsysadminwilladmonishyoutoavoidlogginginasrootunlessabsolutelynecessary,andthenthey'lladdforeffect,"andit'salmostnevernecessary.
"ButthenewLinuxadminoruserwillfindthatrootaccessseemstobenecessaryalotmorethantheiradminfriendletson.
Thereasontheexperiencedadmindoesn'tneedtologonasrootisthatthey'vegotacoupleofrootaccesstricksuptheirsleeve,namely,the'su'and'sudo'commands.
Inthisarticle,I'llexplainhowtouse'su'and'sudo'toavoidalotofrootlogins.
HentzenwerkePublishing,Inc.
articles@hentzenwerke.
comwww.
hentzenwerke.
comRoot,SUandSUDOPage21.
Preface1.
1CopyrightCopyright2006andbeyondWhilHentzen.
Somerightsreserved.
ThisworkislicensedundertheCreativeCommonsAttribution-NonCommercial-NoDerivsLicense,whichbasicallymeansthatyoucancopy,distribute,anddisplayonlyunalteredcopiesofthiswork,butinreturn,youmustgivetheoriginalauthorcredit,youmaynotdistributetheworkforcommercialgain,norcreatederivativeworksbasedonitwithoutfirstlicensingthoserightsfromtheauthor.
Toviewacopyofthislicense,visithttp://creativecommons.
org/licenses/by-nc-nd/2.
0/.
1.
2Revisions1.
2.
1HistoryVersionDateSynopsisAuthor1.
0.
02006/11/04OriginalWH1.
2.
2NewversionThenewestversionofthisdocumentwillbefoundatwww.
hentzenwerke.
com.
1.
2.
3FeedbackandcorrectionsIfyouhavequestions,comments,orcorrectionsaboutthisdocument,pleasefeelfreetoemailmeat'articles@hentzenwerke.
com'.
Ialsowelcomesuggestionsforpassagesyoufindunclear.
1.
3ReferencesandacknowledgmentsThankstomanyMLUGmembersforvarioustipsandtricks,andfornotlaughingwhenIaskeddumbquestions.
1.
4DisclaimerNowarranty!
Thismaterialisprovidedasis,withnowarrantyoffitnessforanyparticularpurpose.
Usetheconcepts,examplesandothercontentatyourownrisk.
Theremaybeerrorsandinaccuraciesthatinsomeconfigurationsmaybedamagingtoyoursystem.
Theauthor(s)disavowsallliabilityforthecontentsofthisdocument.
Beforemakinganychangestoyoursystem,ensurethatyouhavebackupsandotherresourcestorestorethesystemtoitsstatebeforemakingthosechanges.
Allcopyrightsareheldbytheirrespectiveowners,unlessspecificallynotedotherwise.
Useofaterminthisdocumentshouldnotberegardedasaffectingthevalidityofanytrademarkorservicemark.
Namingofparticularproductsorbrandsshouldnotbeseenasendorsements.
1.
5PrerequisitesandassumptionsThisdocumentwaswrittenusingFedoraCore6,andassumesabeginner'sfamiliaritywithuseofLinuxviatheGUIandtheCommandWindow.
Ialsoassumethatyou,asaregularuser,haverootaccesstoyourmachine.
TherestofthisarticleusestheCommandWindowforitsexamplesandexercises.
2.
Commandpromptsfortherootuservs.
regularusersThecommandwindowpromptendseitherinadollarsign($)orapoundsign(#).
The$meansthatyouareloggedonasaregularuser.
The#meansyouareloggedonasroot.
HowdoyourememberthedifferenceSomepeoplerefertothepoundsignasa'splat',whichisexactlywhatyou'lldoasarootuserifyouaren'tsureaboutacommandandyou'renotcareful.
3.
ChangingtorootinsidethecommandwindowYoucanchangetorootafteropeningacommandwindowinoneoftwoways:via"su"andvia"su-".
3.
1.
The"su"commandThefirstisbyusingthe'su'command:[bob@mymachine~]$suPassword:HentzenwerkePublishing,Inc.
articles@hentzenwerke.
comwww.
hentzenwerke.
comRoot,SUandSUDOPage3[root@mymachinebob]#Thepasswordisfortherootuser,nottheregularuserwhowasoriginallyloggedin.
Notethatyou'restillintheuser'shomedirectory,butnowyou'reroot,whichmeansthatyouhavegodlikepowers.
You'llalsonoticethatthetitlebarofthecommandwindowhasalsochanged.
Youcanmakeanychangeyouwanttothesystem,suchasinstallsoftware,deletefiles,getintoanyoneelse'shomedirectory,andgenerallycauseallsortsofhavocifyou'renotcareful.
Forexample,"rm-rf/"willdestroyeveryfileonthemachineinaboutfiveblimptsoseconds.
3.
2.
The"su-"commandThesecondwayisusingthe"su-"command:[bob@mymachine~]$su-Password:[root@mymachine~]#Ifyouusethismethod,you'llnotethatboththepromptstringandthetitlebarhavechanged.
Alsonotethatyou'renowintherootuser'shomedirectory("/root")insteadoftheoriginaluser'shomedirectory("/home/bob").
thereasonisthatthe"-"afterthe"su"commandbringsroot'senvironmentalongwithit.
What'sanenvironmentIt'sagroupofsettings,suchastheprompt,systemvariables,andsoon,thatbelongtoaspecificuser.
Thehomedirectory,forexample,isonesuchsetting,andthecommandpromptstringisanother.
Thesecanbedifferent(andoftenare)fordifferentusers.
Whenyouusethe"su"command,you'rejustgainingrootprivileges,butyou'restillworkingintheoriginaluser'senvironment,withtheoriginaluser'spath,prompt,homedirectory,andsystemvariables.
Whenyouusethe"su-"command,youswitchyourenvironmenttothatofroot,andthat'swhyyou'resuddenlylauchedintoroot'shomedirectory.
"su-"isshortfor"su-l"or"su–login",bytheway.
4.
UsingSUDOforasingle"su"commandOftentimesyou'llfindyourselfswitchingtotherootuservia'su'inordertorunjustonecommand.
Itcanbeanuisanceifyou'redoingthisoverandover.
Youmightwanttokeepaspareterminalwindowopenandsetupasroot,butontheotherhand,youmightfindthattobetoomuchofatemptation,orjusttoodangerous.
The"sudo"commandallowsyoutogetaroundthis.
Specifically,"sudo"("SuperUserDO"),afterbeingsetupbyasystemadministrator,givesausertheabilitytorunacommandasanotheruser.
Whensetuptoallowausertorunacommandasroot,"sudo"obviatestheneedfortheregularuserto"su"torootbeforerunningthatcommand.
Asanaside,thecommandsandargumentsthattheregularuserexecutesvia"sudo"arelogged.
4.
1Setup"sudoers"Inordertouse"sudo"asaregularuser,therootuserhastomakeanentryinaspecialfile,"/etc/sudoers",thatprovidespermissionfortheusertorunaspecificallydesignatedcommandasanotherdesignateduseronadesignatedhost.
Thisisdonewithaspecialprogramcalled"visudo".
While"sudoers"isjustaplaintextfile,youareadvisedtoedititasadvised,usingthe'visudo'programinsteadofjustopening"/etc/sudo"withyourfavoritetexteditorisrecommendedforacoupleofreasons.
First,"visudo"willdosyntaxcheckingtomakesurethattheentryorentriesyou'vemadearecorrect,andsecond,conveniently,"visudo"knowswhere"sudoers"islocated.
Somefolkswillclaimthattheyedit"sudoers"withtheirowneditorandhaveneverhadproblems,butthisisn'tforinexperiencedorthefaintofheart.
Inordertogivetheuser"bob"theabilitytorunthe"kill"commandonhost'mymachine',run"visudo"asroot.
You'llseethatthe"/etc/sudoers"fileisopenedwiththevitexteditor,soyou'vegotaccesstostandardvicommandsincommandmodeandviedtiingininsertmode.
Themanualfor"sudo"(seeSection5formoreinfo)providesawealthofinformationonhowtoconstructentriesin"sudoers",astheycanberobustandextremelyflexible,providingtheabilitytocreatealiasesforusers,hostsandcommands.
Themanualcanthusalsobeoverwhelming,sohereareacoupleofsimpleexamples.
Toallow"bob"torunthescript"/etc/somescript"bobmymachine=/etc/somescriptToallow"bob"torunthe/usr/bin/killcommandbobmymachine=/usr/bin/killandtoallow"bob"torunthe/bin/lscommand,HentzenwerkePublishing,Inc.
articles@hentzenwerke.
comwww.
hentzenwerke.
comRoot,SUandSUDOPage4bobmymachine=/bin/ls4.
2Run"sudo"Oncethe"sudoers"commandhasbeenmodified,it'stimefor"bob"tousesudotosnooparound.
Normally,bobcan'taccessthecontentsoftherootuser'shomedirectory:[bob@mymchine~]$ls/rootls:/root:Permissiondeniedasexpected.
Butusing"sudo"andenteringroot'spassword,bobcanbenosy:[bob@mymachine~]$sudols/rootPassword:anaconda-ks.
cfgDesktopinstall.
logscsrun.
logsomething_secret[bob@mymachine~]$Afterthecommandexecutes,theuserisreturnedtotheiroriginalpermissions;sudoallowed'bob'torunjustonecommandasroot,asdesired.
5.
WheretogoformoreinformationNaturally,"mansudo"willprovidedetailedreferenceinformation,butthere'sagreatmanualwithexamplesgaloreatsudo'shomepage,www.
sudo.
ws.
6.
AbouttheauthorWhilHentzenstartedoutlifeintheearly'80'sasacustomsoftwaredeveloperusingdBASEII(hestillhastheoriginal81/2x11greybinderofdocumentation,muchtothechagrinofhiswife),andswitchedtoFoxProin1990.
Besidesbilling15,000hoursinthe90's,hepresentedmorethan70papersatconferencesthroughoutNorthAmericaandEurope,editedFoxTalk,PinnaclePublishing'shighendtechnicaljournalfor7years,hostedtheGreatLakesGreatDatabaseWorkshopsince1994.
He'swritten7booksandpublished30moreonavarietyofsoftwaredevelopmenttopics.
HewasaMicrosoftMostValuableProfessionalfrom1995through2003forhiscontributionstotheFoxProdevelopmentcommunity,andreceivedthefirstMicrosoftLifetimeAchievementAwardforVisualFoxProin2001.
WhilbeganusingLinuxonthedesktopwhenOpenOffice.
orgbecameastandardinthemainstreamdistributions,asitspelledpotentialforcustomapplicationdevelopmentinthefuture,andhasbeenaLinuxuser,developer,andevangelisteversince.
HisfirstbookonLinux,LinuxTransferforWindowsPowerUsers,waspublishedinearly2004.
HeisavailablefornewandlegacyVisualFoxProapplicationdevelopmentaswellasWebanddesktopdevelopmentonLinux.
7.
AwordfromoursponsorThisfreewhitepaperispublishedanddistributedbyHentzenwerkePublishing,Inc.
Wehavethelargestlistsof"MovingtoLinux",OpenOffice.
org,andVisualFoxProbooksontheplanet.
Wealsohaveoodlesoffreewhitepapersonourwebsiteandmorearebeingaddedregularly.
OurPreferredCustomermailinglistgetsbi-monthlyannouncementsofnewwhitepapers(andgetsdiscountsonourbooks,firstcrackatspecialdeals,andotherstuffaswethinkofit.
)Clickon"YourAccount"atwww.
hentzenwerke.
comtogetonourPreferredCustomerlist.
Ifyoufoundthiswhitepaperhelpful,checkouttheseHentzenwerkePublishingbooksaswell:LinuxTransferforWindowsNetworkAdmins:AroadmapforbuildingaLinuxfileandprintserverMichaelJangLinuxTransferforWindowsPowerUsers:GettingstartedwithLinuxforthedesktopWhilHentzenHentzenwerkePublishing,Inc.
articles@hentzenwerke.
comwww.
hentzenwerke.
com

阿里云金秋上云季,云服务器秒杀2C2G5M年付60元起

阿里云(aliyun)在这个月又推出了一个金秋上云季活动,到9月30日前,每天两场秒杀活动,包括轻量应用服务器、云服务器、云数据库、短信包、存储包、CDN流量包等等产品,其中Aliyun轻量云服务器最低60元/年起,还可以99元续费3次!活动针对新用户和没有购买过他们的产品的老用户均可参与,每人限购1件。关于阿里云不用多说了,国内首屈一指的云服务器商家,无论建站还是学习都是相当靠谱的。活动地址:h...

RFCHOST - 洛杉矶CN2 GIA VPS季付23.9美元起 100Mbps带宽

RFCHOST,这个服务商我们可能有一些朋友知道的。不要看官网是英文就以为是老外服务商,实际上这个服务商公司在上海。我们实际上看到的很多商家,有的是繁体,有的是英文,实际上很多都是我们国人朋友做的,有的甚至还做好几个品牌域名,实际上都是一个公司。对于RFCHOST商家还是第一次分享他们家的信息,公司成立大约2015年左右。目前RFCHOST洛杉矶机房VPS正进行优惠促销,采用CN2优化线路,电信双...

WHloud Date鲸云数据($9.00/月), 韩国,日本,香港

WHloud Date(鲸云数据),原做大数据和软件开发的团队,现在转变成云计算服务,面对海内外用户提供中国大陆,韩国,日本,香港等多个地方节点服务。24*7小时的在线支持,较为全面的虚拟化构架以及全方面的技术支持!官方网站:https://www.whloud.com/WHloud Date 韩国BGP云主机少量补货随时可以开通,随时可以用,两小时内提交退款,可在工作日期间全额原路返回!支持pa...

permissiondenied为你推荐
中老铁路中长铁路的铁路的新中国历史梦之队官网NBA梦之队在哪下载?月神谭求古典武侠类的变身小说~!www.javmoo.comjavimdb是什么网站为什么打不开www.se222se.com原来的www站到底222eee怎么了莫非不是不能222eee在收视com了,/?求解m88.comm88.com现在的官方网址是哪个啊 ?m88.com分析软件?www.zhiboba.com登录哪个网站可以看nba当天的直播 是直播关键词分析如何进行关键词指数分析盗车飞侠侠盗飞车飞机秘籍弗雷德疯谁知百里挑一的冯晔炀的家乡在哪?他喜欢什么食物?喜欢去哪里旅游?
免费域名注册 域名拍卖 香港主机租用 hawkhost 美国翻墙 全球付 香港机房托管 dropbox网盘 777te gg广告 权嘉云 腾讯云分析 网通服务器 中国电信网络测速 畅行云 广州服务器托管 免费主页空间 香港ip 美国主机侦探 ipower 更多