Summary of ten skills of sudo command in Linux system

2025-01-16 Update From: SLTechnology News&Howtos

Preface

In Linux and other Unix-like operating systems, only root users can run all commands and perform some key operations on the system, such as installing and updating, deleting packages, creating users and groups, and modifying important system configuration files.

However, a system administrator acting as root can allow other normal system users to run certain commands and perform important system operations, including the above, with the help of the sudo command and some configuration.

Sudo stands for "superuser do". It allows authenticated users to run commands as other users. Other users can be regular users or super users. However, most of the time we use it to run commands with elevated privileges.

The sudo command works with a security policy, which is sudoers by default and is configured through the file /etc/sudoers. The security policy mechanism is highly extensible: people can develop and distribute their own security policies as plug-ins.

The difference from su

In GNU/Linux, there are two ways to run commands with elevated privileges:

Use the su command

Use the sudo command

su stands for "switch user". With su, we can switch to the root user and execute the command. But this approach has some drawbacks:

We need to share the root password with others.

Because the root user is a superuser, we cannot grant controlled access.

We can't audit what users are doing.

Sudo solves these problems in a unique way.

First of all, we don't need to compromise by sharing the root user's password. Ordinary users can execute commands with elevated privileges using their own passwords. We can control the access of sudo users, which means that we can restrict users to executing only certain commands. In addition, all activities of sudo users are recorded, so we can review what has been done at any time. In Debian-based GNU/Linux, all activities are recorded in the /var/log/auth.log file.

These points are described later in this tutorial.
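To show what that review looks like in practice, the following added example (not part of the original article) parses sudo entries in the auth.log format into one record per invocation and separates rejected attempts and root shells. The log lines are constructed samples, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample lines in the format sudo writes to /var/log/auth.log.
sample_auth_log() {
cat <<'EOF'
Jan 16 10:15:01 ubuntu sudo: linuxtechi : TTY=pts/0 ; PWD=/home/linuxtechi ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 10:16:12 ubuntu sudo: linuxtechi : TTY=pts/0 ; PWD=/home/linuxtechi ; USER=devesh ; COMMAND=/usr/bin/whoami
Jan 16 10:17:40 ubuntu sudo: linuxtechi : TTY=pts/0 ; PWD=/home/linuxtechi ; USER=root ; COMMAND=/bin/bash
Jan 16 10:18:05 ubuntu sudo: devesh : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/devesh ; USER=root ; COMMAND=/usr/bin/id
Jan 16 10:19:30 ubuntu sudo: linuxtechi : command not allowed ; TTY=pts/0 ; PWD=/tmp ; USER=root ; COMMAND=/bin/rm -rf /srv/data
Jan 16 10:19:31 ubuntu sudo: pam_unix(sudo:session): session opened for user root by linuxtechi(uid=0)
EOF
}

# Print one "STATUS|invoker|run-as user|command" record per sudo invocation.
sudo_events() {
  awk '
  / sudo: / && /COMMAND=/ {
    rec = substr($0, index($0, " sudo: ") + 7)
    sub(/^ +/, "", rec)                  # some sudo versions pad the user name
    sep = index(rec, " : ")
    invoker = substr(rec, 1, sep - 1)
    rest = substr(rec, sep + 3)
    cpos = index(rest, "COMMAND=")       # COMMAND= is the last field
    cmd = substr(rest, cpos + 8)
    n = split(substr(rest, 1, cpos - 1), f, " ; ")
    status = "ALLOWED"; runas = ""
    for (i = 1; i <= n; i++) {
      if (f[i] ~ /^USER=/) runas = substr(f[i], 6)
      else if (f[i] != "" && f[i] !~ /^[A-Z]+=/) status = "DENIED(" f[i] ")"
    }
    print status "|" invoker "|" runas "|" cmd
  }'
}

# Review helpers: rejected attempts, and shells started as root.
denied_events()     { sudo_events | grep '^DENIED'; }
root_shell_events() { sudo_events | awk -F'|' '$3 == "root" && $4 ~ /\/(ba|da|z)?sh$/'; }

sample_auth_log | sudo_events
```

On a real system the same functions read the log directly, for example `sudo_events < /var/log/auth.log`.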

Hands-on sudo

Now, we have a general understanding of sudo. Let's do it in practice. For demonstration purposes, I use Ubuntu. However, the operation of other distributions should be the same.

Allow sudo permissions

Let's add a normal user as a sudo user. In my case, the user name is linuxtechi.

1. Edit the /etc/sudoers file as follows:

$ sudo visudo

2. Add the following line to allow user linuxtechi to have sudo privileges:

linuxtechi ALL=(ALL) ALL

In the above command:

linuxtechi indicates the user name

The first ALL indicates that sudo is allowed to be accessed from any terminal or machine

The second (ALL) indicates that the sudo command is allowed to execute as any user

The third ALL indicates that all commands can be executed as root

Execute the command with elevated privileges

To execute a command with elevated privileges, simply precede the command with sudo, as follows:

$ sudo cat /etc/passwd

When you execute this command, it asks for the password of linuxtechi, not the password of the root user.

Execute commands as other users

In addition, we can use sudo to execute the command as another user. For example, in the following command, user linuxtechi executes the command as user devesh:

$ sudo -u devesh whoami
[sudo] password for linuxtechi:
devesh

Built-in command behavior

One limitation of sudo is that it cannot run the shell's built-in commands. For example, history is a built-in command, and if you try to execute it with sudo, you will get the following error saying that the command was not found:

$ sudo history
[sudo] password for linuxtechi:
sudo: history: command not found

Access the root shell

To overcome the above problem, we can access a root shell and execute any commands there, including the shell's built-in commands.

To access a root shell, execute the following command:

$ sudo bash

After executing this command, you will observe that the prompt changes to a pound sign (#).

Sudo tricks

In this section we will discuss some useful techniques that will help improve productivity. Most commands can be used to accomplish daily tasks.

Execute the previous command as the sudo user

Let's assume that you want to execute the previous command with elevated privileges, then the following techniques will be useful:

$ sudo !4

The above command executes the fourth command in the history with elevated privileges.

Use the sudo command in Vim

Many times, when editing a system configuration file, we only realize that root access is needed at the moment we try to save, and we risk losing our changes to the file. There is no need to panic; we can use the following command in Vim to resolve this situation:

:w !sudo tee %

In the above command:

The colon (:) indicates that we are in Vim's Ex mode

The exclamation point (!) indicates that we are running a shell command

sudo and tee are both shell commands

The percent sign (%) indicates all lines starting from the current line

Execute multiple commands using sudo

So far we have only executed a single command with sudo, but we can use it to execute multiple commands. You just need to separate the commands with a semicolon (;), as follows:

$ sudo -- bash -c 'pwd; hostname; whoami'

In the above command:

The double hyphen (--) stops the processing of command-line switches

bash indicates the name of the shell to be used to execute the commands

The -c option is followed by the commands to be executed

Run the sudo command without password

When the sudo command is executed for the first time, it prompts for a password, which is cached for 15 minutes by default. However, we can avoid this and disable password authentication using the NOPASSWD keyword, as follows:

linuxtechi ALL=(ALL) NOPASSWD: ALL

Restrict users from executing certain commands

To provide controlled access, we can restrict sudo users to execute only certain commands. For example, the following line only allows the execution of echo and ls commands.

linuxtechi ALL=(ALL) NOPASSWD: /bin/echo, /bin/ls
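As an added example (not from the original article), the following check reviews candidate sudoers rules of the kind shown in the last two sections. It flags rules that combine NOPASSWD with ALL, and command lists where a missing comma turns a second command into an argument of the first. The sample rules are constructed, the function names are hypothetical, and the missing-comma test is a heuristic that only looks for arguments under a bin directory.

```shell
#!/bin/sh
# Constructed candidate rules for review, one per line.
sample_rules() {
cat <<'EOF'
linuxtechi ALL=(ALL) NOPASSWD: ALL
linuxtechi ALL=(ALL) NOPASSWD: /bin/echo /bin/ls
linuxtechi ALL=(ALL) NOPASSWD: /bin/echo, /bin/ls
EOF
}

# Print "<line>: <finding>" for each rule that needs a second look.
lint_sudoers() {
  awk '
  /^[ \t]*#/ || /^[ \t]*$/ || /^[ \t]*Defaults/ { next }   # not user rules
  {
    eq = index($0, "=")
    if (eq == 0) next
    spec = substr($0, eq + 1)
    sub(/^[ \t]*\([^)]*\)[ \t]*/, "", spec)                # drop the (run-as) part
    nopw = (spec ~ /NOPASSWD:/)
    gsub(/(NOPASSWD|PASSWD|NOEXEC|EXEC|SETENV|NOSETENV):[ \t]*/, "", spec)
    sub(/^[ \t]+/, "", spec)
    n = split(spec, cmd, /[ \t]*,[ \t]*/)                  # commas separate commands
    for (i = 1; i <= n; i++) {
      m = split(cmd[i], w, /[ \t]+/)                       # w[1] command, rest arguments
      if (w[1] == "ALL" && nopw)
        print NR ": NOPASSWD-ALL every command runs without a password prompt"
      for (j = 2; j <= m; j++)
        if (w[j] ~ /^\/(usr\/)?s?bin\//)
          print NR ": MISSING-COMMA " w[j] " is parsed as an argument of " w[1]
    }
  }'
}

sample_rules | lint_sudoers
```

`visudo -cf <file>` checks the syntax of a rule file before it is installed, but it accepts the rule without the comma because that line is still valid sudoers syntax.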

Learn more about sudo

Let's take a closer look at the sudo command.

$ ls -l /usr/bin/sudo
-rwsr-xr-x 1 root root 145040 Jun 13 2017 /usr/bin/sudo

If you look closely at the file permissions, you can see that the setuid bit is enabled on sudo. When any user runs this binary, it runs with the privileges of the user who owns the file. In the case shown, that is the root user.

To demonstrate this, we can use the id command, as follows:

$ id
uid=1002(linuxtechi) gid=1002(linuxtechi) groups=1002(linuxtechi)

When we execute the id command without using sudo, the id of the user linuxtechi will be displayed.

$ sudo id
uid=0(root) gid=0(root) groups=0(root)

However, if we use sudo to execute the id command, the id of the root user is displayed.

Conclusion

As can be seen from this article, sudo provides more controlled access for ordinary users. Using these techniques, multiple users can interact with GNU/Linux in a secure manner.

All right, that's all of this article. I hope the content of this article has a certain reference and learning value for everyone's study or work. If you have any questions, you can leave a message and exchange. Thank you for your support.
