Shulou(Shulou.com)06/01 Report--

Today, I will talk to you about the 10 skills of the sudo command in the Linux system, which may not be well understood by many people. in order to make you understand better, the editor has summarized the following contents for you. I hope you can get something according to this article.

The sudo command is used with the security policy, which is sudoers by default and can be configured through the file / etc/sudoers. Its security strategy is highly extensible. People can develop and distribute their own security policies as plug-ins.

The difference from su

In GNU/Linux, there are two ways to run commands with elevated privileges:

Use the su command

Use the sudo command

Su stands for "switch user". With su, we can switch to the root user and execute the command. But this approach has some drawbacks:

We need to share the root password with others.

Because the root user is a superuser, we cannot grant controlled access.

We can't censor what users are doing.

Sudo solves these problems in a unique way.

First of all, we don't need to compromise to share root users' passwords. Ordinary users can execute commands with elevated privileges using their own passwords.

We can control the access of sudo users, which means that we can restrict users to execute only certain commands.

In addition, all activities of sudo users are recorded, so we can review what has been done at any time. In Debian-based GNU/Linux, all activities are recorded in the / var/log/auth.log file.

These points are described later in this tutorial.

Hands-on sudo

Now, we have a general understanding of sudo. Let's do it in practice. For demonstration purposes, I use Ubuntu. However, the operation of other distributions should be the same.

Allow sudo permissions

Let's add a normal user as a sudo user. In my case, the user name is linuxtechi.

Edit the / etc/sudoers file as follows:

$sudo visudo

Add the following line to allow user linuxtechi to have sudo privileges:

Linuxtechi ALL= (ALL) ALL

In the above command:

Linuxtechi represents the user name

* ALL instructions to allow access to sudo from any terminal or machine

The second (ALL) indicates that the sudo command is allowed to be executed as any user

The third ALL indicates that all commands can be executed as root

Execute the command with elevated privileges

To execute a command with elevated privileges, simply precede the command with sudo, as follows:

$sudo cat / etc/passwd

When you execute this command, it asks for the password of the linuxtechi, not the password of the root user.

Execute commands as other users

In addition, we can use sudo to execute the command as another user. For example, in the following command, user linuxtechi executes the command as user devesh:

$sudo-u devesh whoami [sudo] password for linuxtechi: devesh

Built-in command behavior

One limitation of sudo is that it cannot use Shell's built-in commands. For example, the history record is a built-in command, and if you try to execute this command with sudo, you will be prompted with the following error that the command was not found:

$sudo history [sudo] password for linuxtechi: sudo: history: command not found

Visit root shell

To overcome the above problems, we can access root shell and execute any commands there, including Shell's built-in commands.

To access root shell, execute the following command:

$sudo bash

After executing this command-- you will observe that the prompt changes to a pound sign (#).

Sports Acrobatics

In this section we will discuss some useful techniques that will help improve productivity. Most commands can be used to accomplish daily tasks.

Execute the previous command as the sudo user

Let's assume that you want to execute the previous command with elevated privileges, then the following techniques will be useful:

$sudo! 4

The above command executes the fourth command in the history with elevated privileges.

Use the sudo command in Vim

Many times, when we edit the configuration file of the system, we only realize that we need root access to perform this operation when we save it. Because this may cause us to lose our changes to the file. There is no need to panic, we can use the following command in Vim to resolve this situation:

W! sudo tee%

In the above command:

The colon (:) indicates that we are in Vim exit mode

Exclamation point (!) Indicates that we are running the shell command

Sudo and tee are both shell commands

The percent sign (%) indicates all lines starting from the current line

Execute multiple commands using sudo

So far we have only executed a single command with sudo, but we can use it to execute multiple commands. You just need to separate the command with a semicolon (;), as follows:

$sudo-- bash-c 'pwd; hostname; whoami'

In the above order

Double hyphen (- -) stops command line switching

Bash represents the name of the shell to be used to execute the command

The-c option is followed by the command to be executed

Run the sudo command without password

When the sudo command is executed * * times, it prompts for a password, which is cached for 15 minutes by default. However, we can avoid this and disable password authentication using the NOPASSWD keyword, as follows:

Linuxtechi ALL= (ALL) NOPASSWD: ALL

Restrict users from executing certain commands

To provide controlled access, we can restrict sudo users to execute only certain commands. For example, the following line only allows the execution of echo and ls commands.

Linuxtechi ALL= (ALL) NOPASSWD: / bin/echo / bin/ls

Learn more about sudo

Let's take a closer look at the sudo command.

$ls-l / usr/bin/sudo-rwsr-xr-x 1 root root 145040 Jun 13 2017 / usr/bin/sudo

If you look closely at the file permissions, you can see that the setuid bit is enabled on sudo. When any user runs this binary file, it will run with the user rights that own the file. In the case shown, it is the root user.

To demonstrate this, we can use the id command, as follows:

$id uid=1002 (linuxtechi) gid=1002 (linuxtechi) groups=1002 (linuxtechi)

When we execute the id command without using sudo, the id of the user linuxtechi will be displayed.

$sudo id uid=0 (root) gid=0 (root) groups=0 (root)

However, if we use sudo to execute the id command, the id of the root user is displayed.

It can be seen from this article that sudo provides more controlled access to the average user. Using these technologies, multiple users can interact with GNU/Linux in a secure manner.

After reading the above, do you have any further understanding of the 10 techniques of sudo commands in the Linux system? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.