Linux follows a very difficult permission model. The root user can perform any operation; but ordinary users have no permissions and cannot run any commands. The following article will introduce to you how ordinary users can run commands as root. I hope it will be helpful to you.
Method 1: Use the su command
For ordinary users to run any command, they need to ask the super User requests permission. A simple and common way to grant administrative rights to a normal user is for the user to temporarily become the root user using the su command, so that the normal user can perform any operation because all the permissions of root are granted to the normal user. [Video tutorial recommendation:Linux tutorial]
Note: The su command allows ordinary users to run commands as the root user, provided that the password of the root user must be known.
[userA@rhel7 ~]$ su -
Output:
Password:
It asks for the superuser's password, but without knowing the root password, you can't run any commands.
Method 2: Use the sudo command
The sudo command allows the user to authenticate as the root user or any Run the command as another user.
sudo is more secure than su command. By default, it logs sudo usage, commands and parameters in /var/log/secure (Red Hat/Fedora/CentOS Linux) or /var/log/auth.log (Ubuntu/Debian Linux).
If the calling user is the root user, or the target user is the same as the calling user, no password is required. Otherwise, sudo requires users to authenticate themselves with a password by default. Once the user is authenticated, the timestamp is updated and the user can then use sudo without a password for a short period of time (15 minutes, unless overridden in sudoers).
How to use sudo?
Example: Allow user Rocky to access stop/shutdown commands and restart the Apache Web server. First, log in as root. Edit the configuration file using the visudo command:
# visudo
Append the following lines to the file:
rokcy localhost=/sbin/halt rokcy dbserver=/etc/init.d/apache-perl restart
Save and close the file. Rokcy users can now restart the Apache web server by typing:
$ sudo /etc/init.d/apache-perl restart
Output:
Password: Restarting apache-perl 1.3 web server....
The sudo command has logged the attempt to the log file /var/log/secure or /var/log /auth.log file:
# tail -f /var/log/auth.log
If rokcy wants to shut down the computer, you also need to enter the command:
$ sudo /sbin/halt
Output:
Password:
Before using sudo to run the command , the user usually provides a password. After authentication, if the /etc/sudoers configuration file allows user access, run the command. sudo logs every command run.
The above is the entire content of this article, I hope it will be helpful to everyone's study. For more exciting content, you can pay attention to the relevant tutorial columns of the PHP Chinese website! ! !
The above is the detailed content of How to run commands as root as an ordinary user in Linux. For more information, please follow other related articles on the PHP Chinese website!