![]() It's a great safeguard against simple errors which could lock you out of your own system's admin privileges. Use the program visudo - it will prevent you from saving your edits unless they are at least minimally sane. However, you should never edit it by hand. I suppose we're talking about a non-server situation and you administrate the machine since we're on SU rather than SF, but just in case.)įinally, if you want to use sudo in a more fine-grained way, you should look at man sudoers for how to edit the /etc/sudoers file. (On all these systems, you can change these defaults, but only if you have some kind of administrative privileges to begin with. Equally, Debian does not give regular users any default privileges to sudo. So for example, as some people have mentioned, OS X and Ubuntu disable the root account ( su) by default. One or the other ( su or sudo) is probably not set up for full use by default. One thing that isn't getting said fully is this: which one you can use often depends on what distribution you're using and who runs it. If you have multiple people who need root access for administrative tasks, this means either changing all the root passwords whenever someone leaves, or assuming that it's ok for them to have full access to your systems after you leave. If you give them the root password, even assuming they don't do anything unpleasant with it, then they will know it forever. If you delete their account, their access is gone. If you give someone sudo access, you can revoke it by removing their line in the sudoers file, or removing them from the sudoers group. only /usr/local/bin/run_backup) or you can specify a specific user they're allowed to run commands as (e.g. You can specify a specific list of commands they're allowed to run (e.g. These options are documented under man sudo. The -u user option means to run the command as the specified user rather than root. The -s option means to run the shell specified in the environment variable SHELL if this has been set, or else the user's login shell. You can allow a user or group to sudo within a certain timeframe (e.g. sudo -su user is short for sudo -s -u user. You can grant privileges to a user, or to a group. You're essentially giving them access to the other account, with 'su' being just one thing they can do with it. If you give someone access to su (by, for example, giving them the root password), then they can do anything with it – run other commands, open a shell, change the password, login remotely via ssh, and so on. ![]() Permission to use sudo (and the specific things you can do with it) are specified by an administrator in the sudoers file. Sudo is a command to execute another command (optionally a shell) as a different user. If you want to su to root, you need the root password. Su is a command to change to another user, either to run a shell or execute a specific command.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |