![]() ![]() It's not good practice to have numerous people knowing and using the root password because when logged in as root, you can do anything to the system. Using su creates security hazards, is potentially dangerous, and requires more administrative maintenance. To do so, press Ctrl-d or type exit at the command prompt. If you supply a user, you will be logged in as that account until you exit it. In either case, you'll be prompted for the password associated with the account for which you're trying to run the command. The user feature is optional if you don't provide a user, the su command defaults to the root account, which in Unix is the system administrator account. Replace user with the name of the account which you'd like to run the commands as. To switch users before running many commands, enter: su user Replace user with the name of the account which you'd like to run the command as, and command with the command you need to run as another user. To use the su command on a per-command basis, enter: su user -c command The su command allows you to become another user. For more information about the sudo command, visit A. The sudo command also makes it easier to practice the principle of least privilege (PoLP), which is a computer security concept that helps control system access and potential system exploits and compromises. Replace command with the command for which you want to use sudo. ![]() To use the sudo command, at the command prompt, enter: sudo command It also logs all commands and arguments so there is a record of who used it for what, and when. ![]() Using the sudoers file, system administrators can give certain users or groups access to some or all commands without those users having to know the root password. It prompts you for your personal password and confirms your request to execute a command by checking a file, called sudoers, which the system administrator configures. The sudo command allows you to run programs with the security privileges of another user (by default, as the superuser). Libsss_sudo.x86_64 1.16.4-37.el7 1.8.23-9.The Unix commands sudo and su allow access to other commands as a different user. # yum list installed | grep sudo OR # rpm -qi sudo Option -B: To check the package using yum or rpm utilities. If the package is available in the system, then it will display the result as below: bash: /usr/bin/sudo: No such file or directory Output: If the sudo package is not installed in the system, then it will display the output as like below: Option -A: Open your terminal and simply type 'sudo' without a quote and press enter. You can check whether the packages are available or not in the system by using the following commands from the given options: # It means only the given user can execute all the commands like rootīy default, all Linux distros come with a pre-installed package of sudo. # It means all the users that belong to the wheel group can execute all the commands like root # Allows people in the group wheel to run all commands # It means all the users with the root privilege can execute all the commands like root # Allow root to run any commands anywhere Following are the three different entries in the sudoers file that give you the privilege to use sudo prefix. In Redhat, CentOS, and Fedora, the sudo group name is "wheel", which is mostly enabled by default if not, it can be edited the /etc/sudoers file using the 'visudo' command in the Terminal, or directly using vi or vim. In most Linux distributions, sudo privilege can be granted simply by adding a user to the sudo group. Hence, it is always recommended to use a normal account with sudo privilege instead of root, since we know that sudo has some extra security checks, such as asking for the user's password prior to executing any administrative commands. As a result, it is better to avoid using root accounts, except in the very specific cases where they are explicitly required. The simplest mistake when you are running a command can easily destroy the whole system without any scope for recovery except for re-installation. ![]() The use of a root account is quite dangerous in the day-to-day course of action, since it has full privileges to perform any actions. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |