It's not a good idea to share a single password between users, so it's best not to use su at all; instead we can use sudo. There is also no need to run something like: sudo su - username

We can set up our /etc/sudoers file, then use something like: sudo -i -u username

If you have to use su, then always use it like su - to make sure everything is sourced as it should be and nothing has been compromised.

Historical perspective of sysadmins

The su and sudo commands were designed for a different world. Early Unix computers required full-time system administrators, and they used the root account as their only administrative account. In this ancient world, the person entrusted with the root password would log in as root on a teletype machine or CRT terminal such as the DEC VT100, then perform the administrative tasks necessary to manage the Unix computer. The root user would also have a non-root account for non-root activities such as writing documents and managing their personal email. There were usually many non-root user accounts on those computers, and none of those users needed total root access. A user might need to run one or two commands as root, but very infrequently.

Many sysadmins log in as root to work as root and log out of their root sessions when finished. Some days require staying logged in as root all day long. Most sysadmins rarely use sudo because it requires typing more than necessary to run essential commands.

These tools both provide escalated privileges, but the way they do so is significantly different. This difference is due to the distinct use cases for which they were originally intended.

The original intent of sudo was to enable the root user to delegate to one or two non-root users access to one or two specific privileged commands they need regularly. Allowing the users access to a frequently used command or two that requires elevated privileges saves the sysadmin a lot of requests from users and eliminates the wait time.

The sudo command gives non-root users temporary access to the elevated privileges needed to perform tasks such as adding and deleting users, deleting files that belong to other users, installing new software, and generally any task required to administer a modern Linux host.

The sudo command does not switch the user account to become root; most non-root users should never have full root access. In most cases, sudo lets a user issue one or two commands then allows the privilege escalation to expire. During this brief time interval, usually configured to be 5 minutes, the user may perform any necessary administrative tasks that require elevated privileges. Users who need to continue working with elevated privileges but are not ready to issue another task-related command can run the sudo -v command to revalidate the credentials and extend the time for another 5 minutes.

Using the sudo command does have the side effect of generating log entries of commands used by non-root users, along with their IDs. The logs can facilitate a problem-related postmortem to determine when users need more training. (You thought I was going to say something like "assign blame," didn't you?)
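The log entries that sudo generates can be summarized for the kind of postmortem described above. This is an added example, not code from the original page: it parses constructed sample lines in the common syslog layout for sudo and flags cases where sudo was used only to launch su. The host, user names and function names are assumptions.

```shell
#!/bin/sh
# Constructed sample entries (not real log data) in the usual sudo layout:
#   user : TTY=... ; PWD=... ; USER=... ; COMMAND=...
sample_log() {
cat <<'EOF'
Mar  3 10:15:01 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/useradd bob
Mar  3 10:16:40 host1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/su - appuser
Mar  3 10:17:02 host1 sshd[811]: Accepted publickey for alice from 192.0.2.10 port 50022
Mar  3 10:20:13 host1 sudo:    carol : TTY=pts/2 ; PWD=/srv ; USER=appuser ; COMMAND=/bin/bash
Mar  3 10:21:55 host1 sudo:    alice : command not allowed ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/userdel bob
EOF
}

# Reads syslog lines on stdin and prints, tab-separated:
#   invoking_user  target_user  status  command
parse_sudo() {
  awk '
    / sudo(\[[0-9]+\])?: / {
      rest = $0
      sub(/^.* sudo(\[[0-9]+\])?: +/, "", rest)   # drop timestamp, host, tag
      c = index(rest, "COMMAND=")
      if (c == 0) next                            # not a command entry
      n = split(rest, seg, " ; ")
      split(seg[1], head, " : ")                  # "user : TTY=..." or "user : <error>"
      status = (head[2] ~ /^TTY=/) ? "ok" : head[2]
      target = ""
      for (i = 1; i <= n; i++)
        if (seg[i] ~ /^USER=/) target = substr(seg[i], 6)
      printf "%s\t%s\t%s\t%s\n", head[1], target, status, substr(rest, c + 8)
    }'
}

# Entries where sudo only launched su (the "sudo su - username" pattern the
# text calls unnecessary), which hides later commands from the sudo log.
flag_sudo_su() {
  parse_sudo | awk -F '\t' '$4 ~ /^([^ ]*\/)?su( |$)/ { print $1 " -> " $4 }'
}

# Number of logged sudo commands per invoking user.
count_by_user() {
  parse_sudo | awk -F '\t' '{ n[$1]++ } END { for (u in n) print u, n[u] }' | sort
}

sample_log | flag_sudo_su
```

On a real host, feed the functions from the file or journal where sudo entries are recorded instead of sample_log; that location varies by distribution.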