Admin rights su, su -, su - -c, and sudo

Posted: 02 Jul 2015, 09:35
by viking60
Even if you are the administrator of your system, you do surf the net and do non-admin stuff; stuff that is safer to do without admin rights.

It is best to do most of your work as regular user and use su or sudo to do the root stuff.
It is a bit like Clark Kent and Superman - when needed you put on your cape and fly.

There is a difference in the rights you get depending on how you go about this.
To become root many simply type

Code:

su
and enter the password.
This changes your user and group ID, but not much else. You must run exit, or use [Ctrl]+d to return to normal user status.

Code:

su -
(or su -l)
acts as if you logged in as the root user. This is better than running with no options. To log out, type exit or [Ctrl]+d.
The important part is to log out again and become "Clark Kent" for everyday tasks.

To simply run a command as root and jump right back to normal status you can use the -c switch:

Code:

su - -c iftop

This saves you the "hassle" of logging out. This is the best way of using admin rights; you become Superman, save the world and go right back to the Daily Planet as Clark Kent.
If you want to run a command with spaces in it then you need to use quote marks like this:

Code:

su - -c "ip addr"

All of the methods above are considered safer than using sudo by some, but sudo offers some advantages:
    Fewer passwords to remember (Keep it Simple, Slick!)
    sudo logs commands run and the users who use (or attempt to use) sudo
    sudo eliminates the root account, meaning attackers must figure out which users are admins
    sudo allows you to control who can run which commands, and from which systems
    sudo offers a five-minute timeout (by default), so you can run further sudo commands without re-entering your password. After five minutes, though, you return to normal privileges and must enter your password again

Code:

sudo -i
will open a root shell and let you do root stuff so you need to log out again.

sudo -u lets you log in as another user on the system; this can be handy when you need to edit a common file in that user's home.

Code:

sudo -u that_user nano /home/that_user/backup.log

Code:

sudo -l
will list what permissions you have.

These rights are set in the /etc/sudoers file.

sudo -e (or sudoedit) will let you edit files that normally require root privileges:

Code:

sudo -e /etc/salt/master
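
The point above that sudo logs the commands run and the users who use (or attempt to use) it can be checked from the log itself. The script below is an added example, not part of the original post: it turns sudo's syslog lines into one record per event and separates refused attempts from commands that ran. The log lines, the host name "box" and the user "guest" are constructed for the example.

```shell
#!/bin/sh
# Constructed sample in the format sudo writes to syslog; the host name,
# users and commands are made up for this example.
sample_log() {
cat <<'EOF'
Jul  2 09:40:01 box sudo:   viking : TTY=pts/0 ; PWD=/home/viking ; USER=root ; COMMAND=/usr/sbin/iftop
Jul  2 09:41:17 box sudo:   viking : TTY=pts/0 ; PWD=/home/viking ; USER=that_user ; COMMAND=/usr/bin/nano /home/that_user/backup.log
Jul  2 09:43:05 box sudo:   viking : TTY=pts/0 ; PWD=/home/viking ; USER=root ; COMMAND=/bin/sh -c ip addr ; ip route
Jul  2 09:45:30 box sudo:    guest : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/guest ; USER=root ; COMMAND=/usr/bin/less /etc/sudoers
Jul  2 09:50:02 box sudo:   viking : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/viking ; USER=root ; COMMAND=/usr/sbin/iftop
Jul  2 09:51:00 box sshd[811]: Connection closed by 192.0.2.10 port 50522
EOF
}

# Read log lines on stdin; print STATUS|invoking_user|target_user|command
# for every sudo event. STATUS is OK (command ran) or DENIED (refused).
sudo_events() {
  awk '
    index($0, " sudo: ") && index($0, "COMMAND=") {
      line = substr($0, index($0, " sudo: ") + 7)
      sub(/^ +/, "", line)
      # The command is taken as everything after COMMAND=, because it may
      # itself contain " ; " and must not be split as a field.
      c = index(line, "COMMAND=")
      cmd = substr(line, c + 8)
      meta = substr(line, 1, c - 1)
      head = substr(meta, 1, index(meta, " ; ") - 1)
      user = head;  sub(/ : .*$/, "", user)
      what = head;  sub(/^[^:]* : /, "", what)
      status = (what ~ /^TTY=/) ? "OK" : "DENIED"
      target = meta
      sub(/^.* ; USER=/, "", target); sub(/ ; .*$/, "", target)
      print status "|" user "|" target "|" cmd
    }'
}

# Only the refused attempts: wrong password or user not in sudoers.
denied_attempts() {
  sudo_events | awk -F"|" '$1 == "DENIED"'
}

sample_log | sudo_events
```

To run it on a real system, feed the functions the file your distribution's syslog writes sudo messages to instead of sample_log; the location varies between distributions.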