Shulou(Shulou.com)06/01 Report--

This article mainly explains the "summary of switching user commands in the Linux system". The content of the explanation is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "the summary of switching user commands in the Linux system".

# 1:runuser command

The runuser command runs a Shell with an alternate user or group ID. This command is useful only for root users.

Run only as a session PAM hook, and there is no password prompt. If you use a non-root user who does not have permission to set user ID, this command will fail because the program does not have setuid. Because runuser does not run authentication and account PAM hooks, it is at a lower level than su.

Syntax:

The code is as follows:

Runuser-l userNameHere-c 'command'

Runuser-l userNameHere-c'/ path/to/command arg1 arg2'

For example, as a root user, you might want to check the shell resource limits under the oracle user by typing:

The code is as follows:

# runuser-l oracle-c 'ulimit-SHa'

Or monitor the nginx or lighttpd web server restrictions:

The code is as follows:

# runuser-l nginx-c 'ulimit-SHa'

Or

The code is as follows:

# runuser-l lighttpd-c 'ulimit-SHa'

Sometimes, root users cannot browse NFS-mounted shares due to permissions (security) issues:

The code is as follows:

# ls-l / nfs/wwwroot/cyberciti.biz/http

Or

The code is as follows:

# cd / nfs/wwwroot/cyberciti.biz/http

Possible output:

The code is as follows:

-bash: cd: / nfs/wwwroot/cyberciti.biz/http/: Permission denied

Nevertheless, apache users are allowed to browse or access nfs-based systems mounted under / nfs/wwwroot/cyberciti.biz/http/:

The code is as follows:

# runuser-l apache-c'ls-l / nfs/wwwroot/cyberciti.biz/http/'

Or

The code is as follows:

# runuser-l apache-c'cd / nfs/wwwroot/cyberciti.biz/http/; vi index.php'

Using the runuser command, no password is required and can only be used under the root user.

Available options:

-l: make shell the login shell and replace the default with the runuser-l PAM file

-g: specify the primary group

-G addition group

-c: command, a single command to be passed to shell

-- session-command=COMMAND: use-c to pass a single command line shell without creating a new session

-m: do not reset environment variables.

# 2:su command

The su command allows you to become a superuser or substitute user (substitute user), cheat user (spoof user), set user (set user), or switch user (switch user). It allows a Linxu user to switch the current user to the target user you know the password, including the associated running console (console) or Shell. Its syntax is as follows:

The code is as follows:

Su-

Su-username

Switch to root user

The su command asks for the password of the target user. Type su-in your shell command line to switch to the root user (you must know the password of the root user):

The code is as follows:

Vivek@wks01:~$ su-

Or

The code is as follows:

Vivek@wks01:~$ su-root

Sample output:

Password:

The code is as follows:

Root@wks01:/root# logout

Vivek@wks01:~$

If you enter the correct root password, the ownership of the session will be changed to the root account. Enter logout to exit a root logged in shell, and enter the whoami or id command to verify the owner of the current session:

Whoami

Or

Id

Run the command with the root account

The syntax is:

The code is as follows:

Su-root-c "command"

Or

The code is as follows:

Su-c "command arg1"

Check the contents of the / root directory, which were originally inaccessible to ordinary users, and run:

The code is as follows:

Su-root-c "ls-l / root"

It is important to note that Linix and some Unix-like systems have a wheel user group, and only users in this group are allowed to switch to root using su.

Use the su command to get other users to run commands

The following command switches to the oracle account and displays a list of restrictions:

The code is as follows:

$su-oracle-c 'ulimit-aHS'

Similarly, if the correct oracle password is provided, the session ownership will become the oracle account. The log of the su command is kept in the system log, usually in / var/log/auth.log (Debian/Ubuntu) or / var/log/secure (RHEL/CentOS).

# 3: sudo command

Sudo executes a command as another user, but it follows a set of rules about which users can execute those commands with those other users. This rule is defined in the / etc/sudoers file. Unlike su,sudo, the user is authenticated by the user's own password rather than the user's password to be switched. When providing an audit trail command and their parameters, sudo allows a system administrator to delegate certain users (or user groups) permission to run certain (or all) commands as root or other users. This allows the specified command to be delegated to the specified user on the specified host without sharing a password among users. The syntax is as follows:

The code is as follows:

Sudo command

Considerations for GUI tools (front-end GUI for su and sudo)

The gksu command is the foreground of su, and gksudo is the front end of sudo. Their main purpose is to run graphical commands that require root permissions but do not need to run a X terminal emulator and use su directly. The syntax is as follows:

The code is as follows:

Gksu [- u] [options]

Gksudo [- u] [options]

Enter gksu only, and the following pop-up window will be displayed:

You will then be asked to enter the password of the root user:

You can also run the following code directly:

The code is as follows:

Gksu-u root' ls / root'

Or, run the command as the oracle user:

The code is as follows:

Gksu-u oracle 'ulimit-aHS'

Or log in as root:

The code is as follows:

Gksu-u root-l

Summary: runuser VS su VS sudo

Thank you for your reading. the above is the content of "summary of switching user commands in Linux system". After the study of this article, I believe you have a deeper understanding of the summary of switching user commands in Linux system, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.