12/18/2023

Sudo i option

** : To load environment or other preferences to your current bash you can use the.

- Writing scripts/automation avoids errors and the need for an interactive shell.
- Playing with filesystem permissions enables you to be in the needed groups.
- Loading environment variables is possible without changing your shell.**

Most shells have an option to be launched as a login shell, and if you don't know which, the man page remains your best friend.

No more double elevation: login shell with sudo

It's also possible to configure sudo not to ask for passwords. To make it less inconvenient, sudo is designed to prompt for the password every 15 min, but you can tailor it in /etc/sudoers; see man sudoers for more details.

> Working with su -c "command" is quickly annoying because you have to type your password each time (this led to the bad habit we have now).

The more recent one, sudo, uses an access list which determines which users and commands you can use, and has richer logs. By proving your identity with your password you are able to temporarily run commands with another account.

Debian Administrator Handbook / Red Hat System Administrators Guide

* It causes su to not ask for the password of the root account.
* That explains why most users prefix the "su -" command with sudo.
** Only root is allowed not to provide passwords when using su.

The older one, su, is meant to change the user, but to log in you'll need the user's password. And this can lead to a major issue: you have to share the account password, and if someone changes the password everyone else will lose access to the account.

Su: pam_unix(su-l:session): session opened for user root(uid=0) by (uid=0)
Sudo: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1001)

You can verify the duplicate, useless elevation in /var/log/auth.log:

sudo: demo : TTY=pts/3 PWD=/home/demo USER=root COMMAND=/bin/su.

According to /etc/passwd (very likely bash or sh).
- sets argv[0] of the shell to '-' in order to make the shell a login shell.
- changes to the target user's home directory.
- initializes the environment variables HOME, SHELL, USER, LOGNAME, and PATH.
- clears all the environment variables except TERM.

(Pluggable Authentication Modules for Linux)

pam_unix(su-l:session): session opened for user root(uid=0) by (uid=1000)

According to the man page, the -, -l, --login option

# - : Start a login shell (alternatives: -l, --login)

By using su/sudo you perform an authentication via the PAM

Which gives us the following flow of execution.

> man su - run a command with substitute user and group ID

Most of the time people use sudo su -, and that's funny (and dangerous); here is why.

Therefore it's not rare to see terminals with the root # prompt. Sadly, even today most administrators, DevOps engineers and students do not have the proper training on how to leverage the native permission capabilities of *Nix operating systems.

If in the past root was only one person, systems often have many administrators nowadays, and working as root is discouraged in these cases. The root account is the account of the administrator, so permissions and groups have been added to enable other users to perform administrative tasks.

Since the 70's, Unix Operating Systems (O.S.) were designed to be multi-process and multi-user.
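
The auth.log check described in the article, as an added example that is not code from the original post: it flags sudo records whose command is su and pairs each with the su session opened by uid 0, which shows that only the sudo line still attributes the resulting shell to a person. The log lines are constructed, modelled on the ones quoted in the article, and the function and field names are illustrative.

```python
import re
from pathlib import PurePosixPath

# Constructed sample, modelled on the auth.log entries quoted in the article.
SAMPLE_LOG = """\
Dec 18 10:02:11 host sudo:     demo : TTY=pts/3 ; PWD=/home/demo ; USER=root ; COMMAND=/bin/su -
Dec 18 10:02:11 host sudo: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1001)
Dec 18 10:02:11 host su: pam_unix(su-l:session): session opened for user root(uid=0) by (uid=0)
Dec 18 10:05:40 host sudo:    alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
Dec 18 10:09:03 host sudo:      bob : TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/su - postgres
Dec 18 10:09:03 host su: pam_unix(su-l:session): session opened for user postgres(uid=113) by (uid=0)
"""

# sudo's command record: invoking user, target user, command line.
SUDO_CMD = re.compile(
    r"sudo:\s+(?P<user>\S+) : .*?USER=(?P<target>\S+).*?COMMAND=(?P<cmd>\S.*)$")
# su's PAM session record; some pam_unix versions print a name before "(uid=N)".
SU_SESSION = re.compile(
    r"su: pam_unix\(su(?:-l)?:session\): session opened for user "
    r"(?P<target>[^\s(]+)\(uid=\d+\) by \S*\(uid=(?P<by>\d+)\)")


def find_double_elevation(log_text):
    """Return one finding per 'sudo ... su' invocation found in log_text."""
    findings, pending = [], None
    for line in log_text.splitlines():
        m = SUDO_CMD.search(line)
        if m:
            binary = PurePosixPath(m["cmd"].split()[0]).name
            if binary == "su":  # sudo was used only to launch su
                pending = {"user": m["user"], "command": m["cmd"],
                           "su_target": None, "su_opened_by_uid": None}
                findings.append(pending)
            continue
        m = SU_SESSION.search(line)
        # Pair the next su session opened by uid 0 with the pending sudo record.
        if m and pending and pending["su_opened_by_uid"] is None and m["by"] == "0":
            pending["su_target"] = m["target"]
            pending["su_opened_by_uid"] = int(m["by"])
    return findings


if __name__ == "__main__":
    for f in find_double_elevation(SAMPLE_LOG):
        print(f"{f['user']} ran '{f['command']}' via sudo; su session for "
              f"{f['su_target']} was opened by uid {f['su_opened_by_uid']}")
```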