SU¶
Giving away root password to anyone
su
pwd
echo $USER
as login shell:
su - # same as -l or --login
use different shell:
cat /etc/shells
whatis rbash
su -s /bin/sh # --shell
su -l milad
Bash config aka startup files.¶
/etc/profile
/etc/bash.bashrc
ls -A /etc/skel
As a login shell¶
When bash is invoked as an interactive login shell, or as a non-interactive shell with the --login option, it first reads and executes commands from the file /etc/profile, if that file exists. After reading that file, it looks for ~/.bash_profile, ~/.bash_login, and ~/.profile, in that order, and reads and exe‐cutes commands from the first one that exists and is readable.
~/.bash_profile > ~/.bash_login > ~/.profile
As an interactive shell¶
When an interactive shell that is not a login shell is started, bash reads and executes commands from /etc/bash.bashrc and ~/.bashrc, if these files exist.
/etc/bash.bashrc > ~/.bashrc
While closing a login shell¶
When a login shell exits, bash reads and executes commands from the file ~/.bash_logout, if it exists.
And after all ~/.bashrc will sources ~/.bash_aliases if it exists.
grep -v '^#' ~/.profile
sudo¶
id -Gn
grep milad /etc/group | cut -f1 -d: | tr '\n' ' '
id root -G; id root -Gn
cat /etc/sudoers
sudo cat /etc/sudoers
# Resets the terminal environment after switching to root. So, ie: all user set variables are removed
# commands to be executed with a new, minimal environment.
Defaults env_reset
# Send mail to the mailto user if the user running sudo does not enter the correct password.
Defaults mail_badpass
Defaults insults
# User privilege specification
# lets root do everything on any machine as any user.
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
# Anybody in the admin group run anything as any user
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALLWho can run what as who¶
who host=(user:group) options:commands
<user list> <host list> = (<operator list>) <tag list>: <command list>
- host: sharing asudoers file (ALL/Name)
- user: -u
- group: -g
- options: tags (NOEXEC, NOPASSWD, PASSWD, etc)
Bellow line would allow the user ray to run /bin/kill, /bin/ls, and /usr/bin/lprm as root on the machine rushmore without authenticating himself.
ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm
If we only want ray to be able to run /bin/kill without a password the entry would be:
ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm
What does this line do?
%wheel ALL=(ALL) NOPASSWD: ALLEDITOR=nano sudo visudo
Aliases¶
User_Alias, Runas_Alias, Host_Alias and Cmnd_Alias.
There are also built in aliases called ALL which match everything where they are used.
User Aliases¶
# Everybody in the "admin" group
User_Alias ADMINS = %admin
# Only specified users
User_Alias LADMINS = milad, rajab, jafar
# Everyone in ADMINS alias except the ones are in LADMINS
User_Alias GUSERS = ADMINS, !LADMINS
Host Aliases¶
Host_Alias SRV = 192.168.56.10, 192.168.56.14, debian-dns
Host_Alias SRVS = 192.168.56.0/255.255.255.0
Cmnd Aliases¶
Cmnd_Alias SHUTDOWN_CMDS = /sbin/poweroff, /sbin/reboot, /sbin/haltChange user (switch to)¶
sudo -i -u milad # Close to `su -`; login shell
sudo -u milad -i /bin/dash # specify shell
sudo -s -u milad # non-login shell
sudo -u milad -s /bin/dash # specify
gksudo, gksu¶
gksu is a frontend to su and gksudo is a frontend to sudo.
gksudo thunar # asks for my password
gksu thunar # root pass - defaults to use "sudo mode" root is disabled right?
ls -l `which gksudo`
gksu --su-mode gufw
gksu -u milad thunar
sudo -H thunar
Lecture notes¶
- All lecture notes are available at github in
ipynbformat: https://github.com/ravexina/linux-notes.
- There are
htmlexports of project available at: https://ravexina.github.io/linux-notes.
License¶
Linux Notes by Milad As (Ravexina) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
