termpermissiondenied

permissiondenied  时间:2021-03-17  阅读:()
HentzenwerkeWhitepaperSeriesRoot,SUandSUDOByWhilHentzenTheLinux"root"userhaswhatmanysystemadminsrefertoas'god'powers–completecontroloverthemachineandenvironment.
Inthenextbreath,anycompetentsysadminwilladmonishyoutoavoidlogginginasrootunlessabsolutelynecessary,andthenthey'lladdforeffect,"andit'salmostnevernecessary.
"ButthenewLinuxadminoruserwillfindthatrootaccessseemstobenecessaryalotmorethantheiradminfriendletson.
Thereasontheexperiencedadmindoesn'tneedtologonasrootisthatthey'vegotacoupleofrootaccesstricksuptheirsleeve,namely,the'su'and'sudo'commands.
Inthisarticle,I'llexplainhowtouse'su'and'sudo'toavoidalotofrootlogins.
HentzenwerkePublishing,Inc.
articles@hentzenwerke.
comwww.
hentzenwerke.
comRoot,SUandSUDOPage21.
Preface1.
1CopyrightCopyright2006andbeyondWhilHentzen.
Somerightsreserved.
ThisworkislicensedundertheCreativeCommonsAttribution-NonCommercial-NoDerivsLicense,whichbasicallymeansthatyoucancopy,distribute,anddisplayonlyunalteredcopiesofthiswork,butinreturn,youmustgivetheoriginalauthorcredit,youmaynotdistributetheworkforcommercialgain,norcreatederivativeworksbasedonitwithoutfirstlicensingthoserightsfromtheauthor.
Toviewacopyofthislicense,visithttp://creativecommons.
org/licenses/by-nc-nd/2.
0/.
1.
2Revisions1.
2.
1HistoryVersionDateSynopsisAuthor1.
0.
02006/11/04OriginalWH1.
2.
2NewversionThenewestversionofthisdocumentwillbefoundatwww.
hentzenwerke.
com.
1.
2.
3FeedbackandcorrectionsIfyouhavequestions,comments,orcorrectionsaboutthisdocument,pleasefeelfreetoemailmeat'articles@hentzenwerke.
com'.
Ialsowelcomesuggestionsforpassagesyoufindunclear.
1.
3ReferencesandacknowledgmentsThankstomanyMLUGmembersforvarioustipsandtricks,andfornotlaughingwhenIaskeddumbquestions.
1.
4DisclaimerNowarranty!
Thismaterialisprovidedasis,withnowarrantyoffitnessforanyparticularpurpose.
Usetheconcepts,examplesandothercontentatyourownrisk.
Theremaybeerrorsandinaccuraciesthatinsomeconfigurationsmaybedamagingtoyoursystem.
Theauthor(s)disavowsallliabilityforthecontentsofthisdocument.
Beforemakinganychangestoyoursystem,ensurethatyouhavebackupsandotherresourcestorestorethesystemtoitsstatebeforemakingthosechanges.
Allcopyrightsareheldbytheirrespectiveowners,unlessspecificallynotedotherwise.
Useofaterminthisdocumentshouldnotberegardedasaffectingthevalidityofanytrademarkorservicemark.
Namingofparticularproductsorbrandsshouldnotbeseenasendorsements.
1.
5PrerequisitesandassumptionsThisdocumentwaswrittenusingFedoraCore6,andassumesabeginner'sfamiliaritywithuseofLinuxviatheGUIandtheCommandWindow.
Ialsoassumethatyou,asaregularuser,haverootaccesstoyourmachine.
TherestofthisarticleusestheCommandWindowforitsexamplesandexercises.
2.
Commandpromptsfortherootuservs.
regularusersThecommandwindowpromptendseitherinadollarsign($)orapoundsign(#).
The$meansthatyouareloggedonasaregularuser.
The#meansyouareloggedonasroot.
HowdoyourememberthedifferenceSomepeoplerefertothepoundsignasa'splat',whichisexactlywhatyou'lldoasarootuserifyouaren'tsureaboutacommandandyou'renotcareful.
3.
ChangingtorootinsidethecommandwindowYoucanchangetorootafteropeningacommandwindowinoneoftwoways:via"su"andvia"su-".
3.
1.
The"su"commandThefirstisbyusingthe'su'command:[bob@mymachine~]$suPassword:HentzenwerkePublishing,Inc.
articles@hentzenwerke.
comwww.
hentzenwerke.
comRoot,SUandSUDOPage3[root@mymachinebob]#Thepasswordisfortherootuser,nottheregularuserwhowasoriginallyloggedin.
Notethatyou'restillintheuser'shomedirectory,butnowyou'reroot,whichmeansthatyouhavegodlikepowers.
You'llalsonoticethatthetitlebarofthecommandwindowhasalsochanged.
Youcanmakeanychangeyouwanttothesystem,suchasinstallsoftware,deletefiles,getintoanyoneelse'shomedirectory,andgenerallycauseallsortsofhavocifyou'renotcareful.
Forexample,"rm-rf/"willdestroyeveryfileonthemachineinaboutfiveblimptsoseconds.
3.
2.
The"su-"commandThesecondwayisusingthe"su-"command:[bob@mymachine~]$su-Password:[root@mymachine~]#Ifyouusethismethod,you'llnotethatboththepromptstringandthetitlebarhavechanged.
Alsonotethatyou'renowintherootuser'shomedirectory("/root")insteadoftheoriginaluser'shomedirectory("/home/bob").
thereasonisthatthe"-"afterthe"su"commandbringsroot'senvironmentalongwithit.
What'sanenvironmentIt'sagroupofsettings,suchastheprompt,systemvariables,andsoon,thatbelongtoaspecificuser.
Thehomedirectory,forexample,isonesuchsetting,andthecommandpromptstringisanother.
Thesecanbedifferent(andoftenare)fordifferentusers.
Whenyouusethe"su"command,you'rejustgainingrootprivileges,butyou'restillworkingintheoriginaluser'senvironment,withtheoriginaluser'spath,prompt,homedirectory,andsystemvariables.
Whenyouusethe"su-"command,youswitchyourenvironmenttothatofroot,andthat'swhyyou'resuddenlylauchedintoroot'shomedirectory.
"su-"isshortfor"su-l"or"su–login",bytheway.
4.
UsingSUDOforasingle"su"commandOftentimesyou'llfindyourselfswitchingtotherootuservia'su'inordertorunjustonecommand.
Itcanbeanuisanceifyou'redoingthisoverandover.
Youmightwanttokeepaspareterminalwindowopenandsetupasroot,butontheotherhand,youmightfindthattobetoomuchofatemptation,orjusttoodangerous.
The"sudo"commandallowsyoutogetaroundthis.
Specifically,"sudo"("SuperUserDO"),afterbeingsetupbyasystemadministrator,givesausertheabilitytorunacommandasanotheruser.
Whensetuptoallowausertorunacommandasroot,"sudo"obviatestheneedfortheregularuserto"su"torootbeforerunningthatcommand.
Asanaside,thecommandsandargumentsthattheregularuserexecutesvia"sudo"arelogged.
4.
1Setup"sudoers"Inordertouse"sudo"asaregularuser,therootuserhastomakeanentryinaspecialfile,"/etc/sudoers",thatprovidespermissionfortheusertorunaspecificallydesignatedcommandasanotherdesignateduseronadesignatedhost.
Thisisdonewithaspecialprogramcalled"visudo".
While"sudoers"isjustaplaintextfile,youareadvisedtoedititasadvised,usingthe'visudo'programinsteadofjustopening"/etc/sudo"withyourfavoritetexteditorisrecommendedforacoupleofreasons.
First,"visudo"willdosyntaxcheckingtomakesurethattheentryorentriesyou'vemadearecorrect,andsecond,conveniently,"visudo"knowswhere"sudoers"islocated.
Somefolkswillclaimthattheyedit"sudoers"withtheirowneditorandhaveneverhadproblems,butthisisn'tforinexperiencedorthefaintofheart.
Inordertogivetheuser"bob"theabilitytorunthe"kill"commandonhost'mymachine',run"visudo"asroot.
You'llseethatthe"/etc/sudoers"fileisopenedwiththevitexteditor,soyou'vegotaccesstostandardvicommandsincommandmodeandviedtiingininsertmode.
Themanualfor"sudo"(seeSection5formoreinfo)providesawealthofinformationonhowtoconstructentriesin"sudoers",astheycanberobustandextremelyflexible,providingtheabilitytocreatealiasesforusers,hostsandcommands.
Themanualcanthusalsobeoverwhelming,sohereareacoupleofsimpleexamples.
Toallow"bob"torunthescript"/etc/somescript"bobmymachine=/etc/somescriptToallow"bob"torunthe/usr/bin/killcommandbobmymachine=/usr/bin/killandtoallow"bob"torunthe/bin/lscommand,HentzenwerkePublishing,Inc.
articles@hentzenwerke.
comwww.
hentzenwerke.
comRoot,SUandSUDOPage4bobmymachine=/bin/ls4.
2Run"sudo"Oncethe"sudoers"commandhasbeenmodified,it'stimefor"bob"tousesudotosnooparound.
Normally,bobcan'taccessthecontentsoftherootuser'shomedirectory:[bob@mymchine~]$ls/rootls:/root:Permissiondeniedasexpected.
Butusing"sudo"andenteringroot'spassword,bobcanbenosy:[bob@mymachine~]$sudols/rootPassword:anaconda-ks.
cfgDesktopinstall.
logscsrun.
logsomething_secret[bob@mymachine~]$Afterthecommandexecutes,theuserisreturnedtotheiroriginalpermissions;sudoallowed'bob'torunjustonecommandasroot,asdesired.
5.
WheretogoformoreinformationNaturally,"mansudo"willprovidedetailedreferenceinformation,butthere'sagreatmanualwithexamplesgaloreatsudo'shomepage,www.
sudo.
ws.
6.
AbouttheauthorWhilHentzenstartedoutlifeintheearly'80'sasacustomsoftwaredeveloperusingdBASEII(hestillhastheoriginal81/2x11greybinderofdocumentation,muchtothechagrinofhiswife),andswitchedtoFoxProin1990.
Besidesbilling15,000hoursinthe90's,hepresentedmorethan70papersatconferencesthroughoutNorthAmericaandEurope,editedFoxTalk,PinnaclePublishing'shighendtechnicaljournalfor7years,hostedtheGreatLakesGreatDatabaseWorkshopsince1994.
He'swritten7booksandpublished30moreonavarietyofsoftwaredevelopmenttopics.
HewasaMicrosoftMostValuableProfessionalfrom1995through2003forhiscontributionstotheFoxProdevelopmentcommunity,andreceivedthefirstMicrosoftLifetimeAchievementAwardforVisualFoxProin2001.
WhilbeganusingLinuxonthedesktopwhenOpenOffice.
orgbecameastandardinthemainstreamdistributions,asitspelledpotentialforcustomapplicationdevelopmentinthefuture,andhasbeenaLinuxuser,developer,andevangelisteversince.
HisfirstbookonLinux,LinuxTransferforWindowsPowerUsers,waspublishedinearly2004.
HeisavailablefornewandlegacyVisualFoxProapplicationdevelopmentaswellasWebanddesktopdevelopmentonLinux.
7.
AwordfromoursponsorThisfreewhitepaperispublishedanddistributedbyHentzenwerkePublishing,Inc.
Wehavethelargestlistsof"MovingtoLinux",OpenOffice.
org,andVisualFoxProbooksontheplanet.
Wealsohaveoodlesoffreewhitepapersonourwebsiteandmorearebeingaddedregularly.
OurPreferredCustomermailinglistgetsbi-monthlyannouncementsofnewwhitepapers(andgetsdiscountsonourbooks,firstcrackatspecialdeals,andotherstuffaswethinkofit.
)Clickon"YourAccount"atwww.
hentzenwerke.
comtogetonourPreferredCustomerlist.
Ifyoufoundthiswhitepaperhelpful,checkouttheseHentzenwerkePublishingbooksaswell:LinuxTransferforWindowsNetworkAdmins:AroadmapforbuildingaLinuxfileandprintserverMichaelJangLinuxTransferforWindowsPowerUsers:GettingstartedwithLinuxforthedesktopWhilHentzenHentzenwerkePublishing,Inc.
articles@hentzenwerke.
comwww.
hentzenwerke.
com

PacificRack(19.9美元/年)内存1Gbps带vps1GB洛杉矶QN机房,七月特价优惠

pacificrack怎么样?pacificrack商家发布了七月最新优惠VPS云服务器计划方案,推出新款优惠便宜VPS云服务器采用的是国产魔方管理系统,也就是PR-M系列,全系基于KVM虚拟架构,这次支持Windows server 2003、2008R2、2012R2、2016、2019、Windows 7、Windows 10以及Linux等操作系统,最低配置为1核心2G内存1Gbps带宽1...

tmhhost:暑假快乐,全高端线路,VPS直接8折,200G高防,美国gia日本软银韩国cn2香港cn2大带宽

tmhhost为2021年暑假开启了全场大促销,全部都是高端线路的VPS,速度快有保障。美国洛杉矶CN2 GIA+200G高防、洛杉矶三网CN2 GIA、洛杉矶CERA机房CN2 GIA,日本软银(100M带宽)、香港BGP直连200M带宽、香港三网CN2 GIA、韩国双向CN2。本次活动结束于8月31日。官方网站:https://www.tmhhost.com8折优惠码:TMH-SUMMER日本...

小渣云(36元/月)美国VPS洛杉矶 8核 8G

小渣云 做那个你想都不敢想的套餐 你现在也许不知道小渣云 不过未来你将被小渣云的产品所吸引小渣云 专注于一个套餐的商家 把性价比 稳定性 以及价格做到极致的商家,也许你不相信36元在别人家1核1G都买不到的价格在小渣云却可以买到 8核8G 高配云服务器,并且在安全性 稳定性 都是极高的标准。小渣云 目前使用的是美国超级稳定的ceranetworks机房 数据安全上 每5天备份一次数据倒异地 支持一...

permissiondenied为你推荐
leavemealone女孩说leave me alone还有戏吗?求帮助固态硬盘是什么什么是固态硬盘?硬盘工作原理简述硬盘的工作原理。老虎数码1200万相素的数码相机都有哪些款?大概价钱是多少?www.hao360.cn搜狗360导航网址是什么嘀动网动网和爱动网各自的优势是什么?曹谷兰曹谷兰事件 有吧友知道吗8090lu.com8090看看电影网怎么打不开了javmoo.com0904-javbo.net_avop210hhb主人公叫什么,好喜欢,有知道的吗m.kan84.net经常使用http://www.feikan.cc看电影的进来帮我下啊
紧急升级请记住新域名 免费域名解析 awardspace 海外服务器 paypal认证 网站保姆 css样式大全 免费博客空间 轻量 架设服务器 赞助 91vps 河南移动m值兑换 搜索引擎提交入口 免费网页空间 腾讯总部在哪 帽子云排名 工信部网站备案查询 测速电信 tracker服务器 更多