mirror of
https://github.com/LCTT/TranslateProject.git
synced 2025-01-13 22:30:37 +08:00
commit
fe4bf8141e
@ -1,159 +0,0 @@
|
||||
申请翻译
|
||||
Understanding the difference between sudo and su
|
||||
============================================================
|
||||
|
||||
### On this page
|
||||
|
||||
1. [The su command in Linux][7]
|
||||
1. [su -][1]
|
||||
2. [su -c][2]
|
||||
2. [Sudo vs Su][8]
|
||||
1. [Password][3]
|
||||
2. [Default behavior][4]
|
||||
3. [Logging][5]
|
||||
4. [Flexibility][6]
|
||||
3. [Sudo su][9]
|
||||
|
||||
In one of our[ earlier articles][11], we discussed the 'sudo' command in detail. Towards the ends of that tutorial, there was a mention of another similar command 'su' in a small note. Well, in this article, we will discuss in detail the 'su' command as well as how it differs from the 'sudo' command.
|
||||
|
||||
But before we do that, please note that all the instructions and examples mentioned in this tutorial have been tested on Ubuntu 14.04LTS.
|
||||
|
||||
### The su command in Linux
|
||||
|
||||
The main work of the su command is to let you switch to some other user during a login session. In other words, the tool lets you assume the identity of some other user without having to logout and then login (as that user).
|
||||
|
||||
The su command is mostly used to switch to the superuser/root account (as root privileges are frequently required while working on the command line), but - as already mentioned - you can use it to switch to any other, non-root user as well.
|
||||
|
||||
Here's how you can use this command to switch to the root user:
|
||||
|
||||
[
|
||||
![The su cmmand without commandline options](https://www.howtoforge.com/images/sudo-vs-su/su-command.png)
|
||||
][12]
|
||||
|
||||
The password that this command requires is also of the root user. So in general, the su command requires you to enter the password of the target user. After the correct password is entered, the tool starts a sub-session inside the existing session on the terminal.
|
||||
|
||||
### su -
|
||||
|
||||
There's another way to switch to the root user: run the 'su -' command:
|
||||
|
||||
[
|
||||
![The su - command](https://www.howtoforge.com/images/sudo-vs-su/su-hyphen-command.png)
|
||||
][13]
|
||||
|
||||
Now, what's the difference between 'su' and 'su -' ? Well, the former keeps the environment of the old/original user even after the switch to root has been made, while the latter creates a new environment (as dictated by the ~/.bashrc of the root user), similar to the case when you explicitly log in as root user from the log-in screen.
|
||||
|
||||
The man page of 'su' also makes it clear:
|
||||
|
||||
```
|
||||
The optional argument - may be used to provide an environment similar to what the user would expect had the user logged in directly.
|
||||
```
|
||||
|
||||
So, you'll agree that logging in with 'su -' makes more sense. But as the 'su' command also exists, one might wonder when that's useful. The following excerpt - taken from the [ArchLinux wiki website][14] - gives a good idea about the benefits and pitfalls of the 'su' command:
|
||||
|
||||
* It sometimes can be advantageous for a system administrator to use the shell account of an ordinary user rather than its own. In particular, occasionally the most efficient way to solve a user's problem is to log into that user's account in order to reproduce or debug the problem.
|
||||
|
||||
* However, in many situations it is not desirable, or it can even be dangerous, for the root user to be operating from an ordinary user's shell account and with that account's environmental variables rather than from its own. While inadvertently using an ordinary user's shell account, root could install a program or make other changes to the system that would not have the same result as if they were made while using the root account. For instance, a program could be installed that could give the ordinary user power to accidentally damage the system or gain unauthorized access to certain data.
|
||||
|
||||
Note: In case you want to pass more arguments after - in 'su -', then you should use the -l command line option that the command offers (instead of -). Here's the definition of - and the -l command line option:
|
||||
|
||||
```
|
||||
-, -l, --login
|
||||
Provide an environment similar to what the user would expect had the user logged in directly.
|
||||
|
||||
When - is used, it must be specified as the last su option. The other forms (-l and --login) do not have this restriction.
|
||||
```
|
||||
|
||||
### su -c
|
||||
|
||||
There's another option of the 'su' command that's worth mentioning: -c. It lets you provide a command that you want to run after switching to the target user.
|
||||
|
||||
The man page of 'su' explains it as:
|
||||
|
||||
```
|
||||
-c, --command COMMAND
|
||||
Specify a command that will be invoked by the shell using its -c.
|
||||
|
||||
The executed command will have no controlling terminal. This option cannot be used to execute interactive programs which need a controlling TTY.
|
||||
```
|
||||
|
||||
Consider the following example template:
|
||||
|
||||
su [target-user] -c [command-to-run]
|
||||
|
||||
So in this case, the 'command-to-run' will be executed as:
|
||||
|
||||
[shell] -c [command-to-run]
|
||||
|
||||
Where 'shell' would be replaced by 'target-user' shell defined in the /etc/passwd file.
|
||||
|
||||
### Sudo vs Su
|
||||
|
||||
Now since we have discussed the basics of the 'su' command as well, it's time we discuss the differences between the 'sudo' and the 'su' commands.
|
||||
|
||||
### Password
|
||||
|
||||
The primary difference between the two is the password they require: while 'sudo' requires current user's password, 'su' requires you to enter the root user password.
|
||||
|
||||
Quite clearly, 'sudo' is a better alternative between the two as far as security is concerned. For example, consider the case of computer being used by multiple users who also require root access. Using 'su' in such a scenario means sharing the root password with all of them, which is not a good practice in general.
|
||||
|
||||
Moreover, in case you want to revoke the superuser/root access of a particular user, the only way is to change the root password and then redistribute the new root password among all the other users.
|
||||
|
||||
With Sudo, on the other hand, you can handle both these scenarios effortlessly. Given that 'sudo' requires users to enter their own password, you don't need to share the root password will all the users in the first place. And to stop a particular user from accessing root privileges, all you have to do is to tweak the corresponding entry in the 'sudoers' file.
|
||||
|
||||
### Default behavior
|
||||
|
||||
The other difference between the two commands is in their default behavior. While 'sudo' only allows you to run a single command with elevated privileges, the 'su' command launches a new shell, allowing you to run as many commands as you want with root privileges until you explicitly exit that sell.
|
||||
|
||||
So the default behavior of the 'su' command is potentially dangerous given the possibility that the user can forget the fact that they are working as root, and might inadvertently make some irrecoverable changes (such as run the 'rm -rf' command in wrong directory). For a detailed discussion on why it's not encouraged to always work as root, head [here][10].
|
||||
|
||||
### Logging
|
||||
|
||||
Although commands run through 'sudo' are executed as the target user (which is 'root' by default), they are tagged with the sudoer's user-name. But in case of 'su', it's not possible to directly trace what a user did after they su'd to the root account.
|
||||
|
||||
### Flexibility
|
||||
|
||||
The 'sudo' command is far more flexible in that you can even limit the commands that you want the sudo-ers to have access to. In other words, users with access to 'sudo' can only be given access to commands that are required for their job. However, with 'su' that's not possible - either you have the privilege to do everything or nothing.
|
||||
|
||||
### Sudo su
|
||||
|
||||
Presumably due to the potential risks involved with using 'su' or logging directly as root, some Linux distributions - like Ubuntu - disable the root user account by default. Users are encouraged to use 'sudo' whenever they need root privileges.
|
||||
|
||||
However, you can still do 'su' successfully, i.e, without entering the root password. All you need to do is to run the following command:
|
||||
|
||||
sudo su
|
||||
|
||||
Since you're running the command with 'sudo', you'll only be required to enter your password. So once that is done, the 'su' command will be run as root, meaning it won't ask for any passwords.
|
||||
|
||||
**PS**: In case you want to enable the root account on your system (although that's strongly discouraged because you can always use 'sudo' or 'sudo su'), you'll have to set the root password manually, which you can do that using the following command:
|
||||
|
||||
sudo passwd root
|
||||
|
||||
### Conclusion
|
||||
|
||||
Both this as well as our previous tutorial (which focuses on 'sudo') should give you a good idea about the available tools that let you do tasks that require escalated (or a completely different set of) privileges. In case you have something to share about 'su' or 'sudo', or want to share your own experience, you are welcome to do that in comments below.
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://www.howtoforge.com/tutorial/sudo-vs-su/
|
||||
|
||||
作者:[Himanshu Arora][a]
|
||||
译者:[译者ID](https://github.com/译者ID)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]:https://www.howtoforge.com/tutorial/sudo-vs-su/
|
||||
[1]:https://www.howtoforge.com/tutorial/sudo-vs-su/#su-
|
||||
[2]:https://www.howtoforge.com/tutorial/sudo-vs-su/#su-c
|
||||
[3]:https://www.howtoforge.com/tutorial/sudo-vs-su/#password
|
||||
[4]:https://www.howtoforge.com/tutorial/sudo-vs-su/#default-behavior
|
||||
[5]:https://www.howtoforge.com/tutorial/sudo-vs-su/#logging
|
||||
[6]:https://www.howtoforge.com/tutorial/sudo-vs-su/#flexibility
|
||||
[7]:https://www.howtoforge.com/tutorial/sudo-vs-su/#the-su-command-in-linux
|
||||
[8]:https://www.howtoforge.com/tutorial/sudo-vs-su/#sudo-vs-su
|
||||
[9]:https://www.howtoforge.com/tutorial/sudo-vs-su/#sudo-su
|
||||
[10]:http://askubuntu.com/questions/16178/why-is-it-bad-to-login-as-root
|
||||
[11]:https://www.howtoforge.com/tutorial/sudo-beginners-guide/
|
||||
[12]:https://www.howtoforge.com/images/sudo-vs-su/big/su-command.png
|
||||
[13]:https://www.howtoforge.com/images/sudo-vs-su/big/su-hyphen-command.png
|
||||
[14]:https://wiki.archlinux.org/index.php/Su
|
@ -1,3 +1,5 @@
|
||||
申请翻译
|
||||
|
||||
Many SQL Performance Problems Stem from “Unnecessary, Mandatory Work”
|
||||
============================================================
|
||||
|
||||
|
@ -0,0 +1,168 @@
|
||||
理解 sudo 与 su 之间的区别
|
||||
============================================================
|
||||
|
||||
### 本文导航
|
||||
|
||||
1. [Linux su 命令][7]
|
||||
1. [su -][1]
|
||||
2. [su -c][2]
|
||||
2. [Sudo vs Su][8]
|
||||
2. [Sudo vs Su][8]
|
||||
1. [关于密码][3]
|
||||
2. [默认行为][4]
|
||||
3. [日志记录][5]
|
||||
4. [灵活性][6]
|
||||
3. [Sudo su][9]
|
||||
|
||||
在[早前的一篇文章][11]中,我们深入讨论了 `sudo` 命令的相关内容。同时,在该文章的末尾有提到相关的命令 `su` 的部分内容。本文,我们将详细讨论关于 su 命令与 sudo 命令之间的区别。
|
||||
|
||||
在开始之前有必要说明一下,文中所涉及到的示例教程都已经在 Ubuntu 14.04 LTS 上测试通过。
|
||||
|
||||
### Linux su 命令
|
||||
|
||||
su 命令的主要作用是让你可以在已登录的会话中切换到另外一个用户。换句话说,这个工具可以让你在不登出当前用户的情况下登录另外一个用户(以该用户的身份)。
|
||||
|
||||
su 命令经常被用于切换到超级用户或 root 用户(因为在命令行下工作,经常需要 root 权限),但是 - 正如前面所提到的 - su 命令也可以用于切换到任意非 root 用户。
|
||||
|
||||
如何使用 su 命令切换到 root 用户,如下:
|
||||
|
||||
[
|
||||
![不带命令行参数的 su 命令](https://www.howtoforge.com/images/sudo-vs-su/su-command.png)
|
||||
][12]
|
||||
|
||||
如上,su 命令要求输入的密码是 root 用户密码。所以,一般 su 命令需要输入目标用户的密码。在输入正确的密码之后,su 命令会在终端的当前会话中打开一个子会话。
|
||||
|
||||
### su -
|
||||
|
||||
还有一种方法可以切换到 root 用户:运行 `su -` 命令,如下:
|
||||
|
||||
[
|
||||
![su - 命令](https://www.howtoforge.com/images/sudo-vs-su/su-hyphen-command.png)
|
||||
][13]
|
||||
|
||||
那么,`su` 命令与 `su -` 命令之间有什么区别呢?前者在切换到 root 用户之后仍然保持旧的或原始用户的环境,而后者则是创建一个新的环境(由 root 用户 ~/.bashrc 文件所设置的环境),相当于使用 root 用户正常登录(从登录屏幕显示登录)。
|
||||
|
||||
`su` 命令手册页很清楚地说明了这一点:
|
||||
|
||||
```
|
||||
可选参数 `-` 可提供的环境为用户在直接登录时的环境。
|
||||
```
|
||||
|
||||
因此,你会觉得使用 `su -` 登录更有意义。但是,同时存在 `su` 命令,那么大家可能会想知道它在什么时候用到。以下内容摘自[ArchLinux wiki website][14] - 关于 `su` 命令的好处和坏处:
|
||||
|
||||
* 有的时候,对于系统管理员来讲,使用其他普通用户的 Shell 账户而不是自己的 Shell 账户更会好一些。尤其是在处理用户问题时,最有效的方法就是是:登录目标用户以便重现以及调试问题。
|
||||
|
||||
* 然而,在多数情况下,当从普通用户切换到 root 用户进行操作时,如果还使用普通用户的环境变量的话,那是不可取甚至是危险的操作。因为是在无意间切换使用普通用户的环境,所以当使用 root 用户进行程序安装或系统更改时,会产生与正常使用 root 用户进行操作时不相符的结果。例如,可以给普通用户安装电源意外损坏系统的程序或获取对某些数据的未授权访问的程序。
|
||||
|
||||
注意:如果你想在 `su -` 命令后面传递更多的参数,那么你必须使用 `su -l` 来实现。以下是 `-` 和 `-l` 命令行选项的说明:
|
||||
|
||||
```
|
||||
-, -l, --login
|
||||
提供相当于用户在直接登录时所期望的环境。
|
||||
|
||||
当使用 - 时,必须放在 su 命令的最后一个选项。其他选项(-l 和 --login)无此限制。
|
||||
```
|
||||
|
||||
### su -c
|
||||
|
||||
还有一个值得一提的 `su` 命令行选项为:`-c`。该选项允许你提供在切换到目标用户之后要运行的命令。
|
||||
|
||||
`su` 命令手册页是这样说明:
|
||||
|
||||
```
|
||||
-c, --command COMMAND
|
||||
使用 -c 选项指定由 Shell 调用的命令。
|
||||
|
||||
被执行的命令无法控制终端。所以,此选项不能用于执行需要控制 TTY 的交互式程序。
|
||||
```
|
||||
|
||||
参考示例:
|
||||
|
||||
```
|
||||
su [target-user] -c [command-to-run]
|
||||
```
|
||||
|
||||
示例中,`command-to-run` 将会被这样执行:
|
||||
|
||||
```
|
||||
[shell] -c [command-to-run]
|
||||
```
|
||||
|
||||
示例中的 `shell` 类型将会被目标用户在 `/etc/passwd` 文件中定义的登录 shell 类型所替代。
|
||||
|
||||
### Sudo vs Su
|
||||
|
||||
现在,我们已经讨论了关于 `su` 命令的基础知识,是时候来探讨一下 `sudo` 和 `su` 命令之间的区别了。
|
||||
|
||||
### 关于密码
|
||||
|
||||
两个命令的最大区别是:`sudo` 命令需要输入当前用户的密码,`su` 命令需要输入 root 用户的密码。
|
||||
|
||||
很明显,就安全而言,`sudo` 命令更好。例如,考虑到需要 root 访问权限的多用户使用的计算机。在这种情况下,使用 `su` 意味着需要与其他用户共享 root 用户密码,这显然不是一种好习惯。
|
||||
|
||||
此外,如果要撤销特定用户的超级用户/root 用户的访问权限,唯一的办法就是更改 root 密码,然后再告知所有其他用户新的 root 密码。
|
||||
|
||||
而使用 `sudo` 命令就不一样了,你可以很好的处理以上的两种情况。鉴于 `sudo` 命令要求输入的是其他用户的密码,所以,不需要共享 root 密码。同时,想要阻止特定用户访问 root 权限,只需要调整 `sudoers` 文件中的相应配置即可。
|
||||
|
||||
### 默认行为
|
||||
|
||||
两个命令之间的另外一个区别是默认行为。`sudo` 命令只允许使用提升的权限运行单个命令,而 `su` 命令会启动一个新的 shell,同时允许使用 root 权限运行尽可能多的命令,直到显示退出登录。
|
||||
|
||||
因此,`su` 命令的默认行为是有风险的,因为用户很有可能会忘记他们正在以 root 用户身份进行工作,于是,无意中做出了一些不可恢复的更改(例如:对错误的目录运行 `rm -rf` 命令)。关于为什么不鼓励以 root 用户身份进行工作的详细内容,请参考[这里][10]
|
||||
|
||||
### 日志记录
|
||||
|
||||
尽管 `sudo` 命令是以目标用户(默认情况下是 root 用户)的身份执行命令,但是他们会使用 sudoer 所配置的用户名来记录是谁执行命令。而 `su` 命令是无法直接跟踪记录用户切换到 root 用户之后执行了什么操作。
|
||||
|
||||
### 灵活性
|
||||
|
||||
`sudo` 命令会比 `su` 命令灵活很多,因为你甚至可以限制 sudo 用户可以访问哪些命令。换句话说,用户通过 `sudo` 命令只能访问他们工作需要的命令。而 `su` 命令让用户有权限做任何事情。
|
||||
|
||||
### Sudo su
|
||||
|
||||
大概是因为使用 `su` 命令或直接以 root 用户身份登录有风险,所以,一些 Linux 发行版(如 Ubuntu)默认禁用 root 用户帐户。鼓励用户在需要 root 权限时使用 `sudo` 命令。
|
||||
|
||||
However, you can still do 'su' successfully, i.e, without entering the root password. All you need to do is to run the following command:
|
||||
然而,您还是可以成功执行 `su` 命令,即不用输入 root 用户的密码。运行以下命令:
|
||||
|
||||
```
|
||||
sudo su
|
||||
```
|
||||
|
||||
由于你使用 `sudo` 运行命令,你只需要输入当前用户的密码。所以,一旦完成操作,`su` 命令将会以 root 用户身份运行,这意味着它不会再要求输入任何密码。
|
||||
|
||||
** PS **:如果你想在系统中启用 root 用户帐户(虽然强烈反对,但你还是可以使用 `sudo` 命令或 `sudo su` 命令),你必须手动设置 root 用户密码 可以使用以下命令:
|
||||
|
||||
```
|
||||
sudo passwd root
|
||||
```
|
||||
|
||||
### 结论
|
||||
|
||||
这篇文章以及之前的教程(其中侧重于 `sudo` 命令)应该能给你一个比较好的建议,当你需要可用的工具来提升(或一组完全不同的)权限来执行任务时。 如果您也想分享关于 `su` 或 `sudo` 的相关内容或者经验,欢迎您在下方进行评论。
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://www.howtoforge.com/tutorial/sudo-vs-su/
|
||||
|
||||
作者:[Himanshu Arora][a]
|
||||
译者:[zhb127](https://github.com/zhb127)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]:https://www.howtoforge.com/tutorial/sudo-vs-su/
|
||||
[1]:https://www.howtoforge.com/tutorial/sudo-vs-su/#su-
|
||||
[2]:https://www.howtoforge.com/tutorial/sudo-vs-su/#su-c
|
||||
[3]:https://www.howtoforge.com/tutorial/sudo-vs-su/#password
|
||||
[4]:https://www.howtoforge.com/tutorial/sudo-vs-su/#default-behavior
|
||||
[5]:https://www.howtoforge.com/tutorial/sudo-vs-su/#logging
|
||||
[6]:https://www.howtoforge.com/tutorial/sudo-vs-su/#flexibility
|
||||
[7]:https://www.howtoforge.com/tutorial/sudo-vs-su/#the-su-command-in-linux
|
||||
[8]:https://www.howtoforge.com/tutorial/sudo-vs-su/#sudo-vs-su
|
||||
[9]:https://www.howtoforge.com/tutorial/sudo-vs-su/#sudo-su
|
||||
[10]:http://askubuntu.com/questions/16178/why-is-it-bad-to-login-as-root
|
||||
[11]:https://www.howtoforge.com/tutorial/sudo-beginners-guide/
|
||||
[12]:https://www.howtoforge.com/images/sudo-vs-su/big/su-command.png
|
||||
[13]:https://www.howtoforge.com/images/sudo-vs-su/big/su-hyphen-command.png
|
||||
[14]:https://wiki.archlinux.org/index.php/Su
|
Loading…
Reference in New Issue
Block a user