as login shell:
su - # same as -l or --login
use different shell:
/bin/sh /bin/dash /bin/bash /bin/rbash
rbash (1) - restricted bash, see bash(1)
su -s /bin/sh # --shell
su -l milad
ls -A /etc/skel
.bash_logout .bashrc .profile
When bash is invoked as an interactive login shell, or as a non-interactive shell with the --login option, it first reads and executes commands from the file
/etc/profile, if that file exists. After reading that file, it looks for
~/.profile, in that order, and reads and exe‐cutes commands from the first one that exists and is readable.
~/.bash_profile > ~/.bash_login > ~/.profile
When an interactive shell that is not a login shell is started, bash reads and executes commands from
~/.bashrc, if these files exist.
/etc/bash.bashrc > ~/.bashrc
When a login shell exits, bash reads and executes commands from the file ~/.bash_logout, if it exists.
And after all
~/.bashrc will sources
~/.bash_aliases if it exists.
grep -v '^#' ~/.profile
if [ -n "$BASH_VERSION" ]; then # include .bashrc if it exists if [ -f "$HOME/.bashrc" ]; then . "$HOME/.bashrc" fi fi PATH="$HOME/Bin:$HOME/.local/bin:$PATH"
milad adm cdrom sudo dip plugdev lpadmin sambashare wireshark docker
grep milad /etc/group | cut -f1 -d: | tr '\n' ' '
adm cdrom sudo dip plugdev milad lpadmin sambashare wireshark docker
id root -G; id root -Gn
cat: /etc/sudoers: Permission denied
sudo cat /etc/sudoers
# Resets the terminal environment after switching to root. So, ie: all user set variables are removed # commands to be executed with a new, minimal environment. Defaults env_reset # Send mail to the mailto user if the user running sudo does not enter the correct password. Defaults mail_badpass Defaults insults # User privilege specification # lets root do everything on any machine as any user. root ALL=(ALL:ALL) ALL # Members of the admin group may gain root privileges # Anybody in the admin group run anything as any user %admin ALL=(ALL) ALL # Allow members of group sudo to execute any command %sudo ALL=(ALL:ALL) ALL
who host=(user:group) options:commands
<user list> <host list> = (<operator list>) <tag list>: <command list>
Bellow line would allow the user ray to run /bin/kill, /bin/ls, and /usr/bin/lprm as root on the machine rushmore without authenticating himself.
ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm
If we only want ray to be able to run /bin/kill without a password the entry would be:
ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm
What does this line do?
%wheel ALL=(ALL) NOPASSWD: ALL
EDITOR=nano sudo visudo
User_Alias, Runas_Alias, Host_Alias and Cmnd_Alias.
There are also built in aliases called ALL which match everything where they are used.
# Everybody in the "admin" group User_Alias ADMINS = %admin # Only specified users User_Alias LADMINS = milad, rajab, jafar # Everyone in ADMINS alias except the ones are in LADMINS User_Alias GUSERS = ADMINS, !LADMINS
Host_Alias SRV = 192.168.56.10, 192.168.56.14, debian-dns Host_Alias SRVS = 192.168.56.0/255.255.255.0
Cmnd_Alias SHUTDOWN_CMDS = /sbin/poweroff, /sbin/reboot, /sbin/halt
sudo -i -u milad # Close to `su -`; login shell
sudo -u milad -i /bin/dash # specify shell
sudo -s -u milad # non-login shell
sudo -u milad -s /bin/dash # specify
gksudo thunar # asks for my password
gksu thunar # root pass - defaults to use "sudo mode" root is disabled right?
ls -l `which gksudo`
lrwxrwxrwx 1 root root 4 Dec 25 2014 /usr/bin/gksudo -> gksu
gksu --su-mode gufw
gksu -u milad thunar
sudo -H thunar
htmlexports of project available at: https://ravexina.github.io/linux-notes.
Linux Notes by Milad As (Ravexina) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.