摘要:

        sudo和su两个命令是Linux比较常用的两个命令,笔者最初的认知里认为两个命令存在某种关联,后来发现两个命令只是内容上相似,本质上是两个不相关的命令。sudo命令用来在普通用户中获取系统管理员权限执行特定任务,提高系统安全性。su命令用来转换已登入会话的owner,说简单一点就是转换用户。

sudo命令

sudo (/ˈsuːduː/or/ˈsuːdoʊ/, superuser do) is a utilityfor UNIX- and Linux-based systems that provides an efficient way to givespecific users permission to use specific system commands at the root (mostpowerful) level of the system. Sudo also logs all commands and arguments.

超级用户执行(superuser do,sudo)是一个Unix系统工具,它提供一个有效方法,允许给定用户在系统的root(权利最大)层次使用特定的系统命令。sudo还记录所有的命令和参数。它允许系统管理员分配给普通用户一些合理的“权利”,让他们执行一些只有超级用户或其他特许用户才能完成的任务,从而减少root用户的登陆次数和管理时间,提高系统安全性。

使用sudo,能够实现如下操作:

(1)让有些用户(或者用户群)能够在系统操作的root层次运行一些(或所有)命令。

(2)控制用户能在各个主机使用的命令。

(3)从记录清楚的检查哪些用户使用了哪些命令。

(4)使用时标文件,控制用户输入口令以及获得适当权益之后必须输入命令的时间长短。

配置sudo。配置sudo必须通过编辑/etc/sudoers文件,而且只有超级用户才可以修改它,还必须使用visudo编辑。之所以使用visudo有两个原因,一是它能够防止两个用户同时修改它;二是它也能进行有限的语法检查。所以,即使只有一个超级用户,也最好用visudo来检查一下语法。

su命令

The su (substitute user) command makes it possible to change a login session's owner(i.e., the user who originally created that session by logging on to thesystem) without the owner having to first log out of that session.

Although su canbe used to change the ownership of a session to any user, it is most commonlyemployed to change the ownership from an ordinary user to the root (i.e.,administrative) user, thereby providing access to all parts of and all commandson the computer or system. For this reason, it is often referred to (although somewhatinaccurately) as the superuser command. It is also sometimes called the switch user command.

su is usuallythe simplest and most convenient way to change the ownership of a login sessionto root or to any other user.

Moreimportantly, it provides a safer way for administrators on multi-user systems(as well as for users on home computers or other single-user systems) to usethe system than to routinely log on as the root user. That is, there is muchless potential for accidental or malicious damage if an administrator firstlogs on as an ordinary user (who, by default, has very limited systemprivileges) and uses that account for routine tasks that do not require root'ssweeping powers. su can then be used to switch to the root account for onlythose operations that actually require root access (e.g., making system repairsand managing user accounts).

su(switch user的缩写,有的地方也被看作是substituteuser的缩写)用于以其他用户的身份来打开一个shell或者登录界面。当该命令不加任何参数运行时,su命令将假设你想成为root。当运行该命令时,你将被提示输入密码。输入的密码即你想切换到的用户的密码。例如,如果想成为root,在终端中运行su,则将需要输入root用户的密码。如果运行su bill命令,将需要输入bill的密码。

Logo

更多推荐