This command was useful back when sudo did not have the -i option, but I think that option has been there for about 15 years by now. This would require giving the user(s) in question at least access to run the ` su - targetuserĬommand as root, and it will be more difficult to piece together from the logs what the user actually did. To get a shell as the target user, with the exact same environment the target user would get when logging in directly.įor historical reasons, some people reflexively use sudo su - targetuserįor the second purpose.
To quickly execute individual commands as the target user, or $ sudo -iu targetuser Then, the user(s) can do $ sudo -u targetuser command sudo bash & sudo sh: Anything after the sudo is a program to run - so in these cases you are asking to run a couple of shells - bash and dash. If you drop the 'userid' it assumes you are trying to login as root - which you can't (unless you change the root password).
If a normal user needs to perform any system wide changes. Normally you would use the format su -normal users are not authorized to perform any system operations. One of the way to implement security in Linux is the user management policy and user permission. Linux System is much secured than any of its counterpart.
#Sudo vs su vs sudo su how to#
If you want to give an user (or a group) full access to a specific other user account and nothing else, you can do it this way: user ALL=(targetuser) ALL Difference Between su Vs sudo and How to Configure sudo in Linux. Remember that any files you create will be owned by the. Meaning: "any members of group wheel on ALL hosts can sudo to ALL user accounts to run ALL commands." So it's exactly the same as your "bad" line: bob ALL=(ALL) ALL Scripts entered as user data are run as the root user, so do not use the sudo command in the script. When the wheel group membership gives an user full root access through sudo, it is normally configured like this in the /etc/sudoers file: %wheel ALL=(ALL) ALL Do I have to create a group and then add all users to this group or is there another way?
And according to my knowledge bob ALL=ALL ALLīasically makes bob have the same power like root which is not good right.Īnother question I have is how to make all users on the system able to execute the last command. Sorry, user bob is not allowed to execute '/sbin/iptables -L' as rootĪnd so am not sure how to give sudo access to the machine to a user if the group wheel is not there. I've always wondered why this is so commonly suggested in the Ubuntu world. muru at 7:59 1 There is never a good reason to run sudo su. So can I do the following line then: bob ALL=/usr/bin/sudoīut then I changed to user bob after and tried to execute # sudo iptables -L 1 muru The OP is asking difference between su and sudo su not sudo -s or sudo -s Maythux at 7:58 2 NewUSer read again.
Then how can I grant bob sudo access to the machine.When I did # which sudo Or let's say there is no wheel group or it is deleted for some reason. Should I just add the user to the wheel group. When you are asked to give a user sudo access to the machine.
0 kommentar(er)
