Ubuntu 系统安装后会锁定 root 帐户且不提供密码,以增强安全性。root 帐户拥有系统关键文件和进程,但普通用户可通过 sudo 命令以管理员权限执行任务。sudo 默认要求时间戳验证,15分钟内无须再次输入密码。用户可以使用 sudo -l 检查可运行的命令,而 sudo -i 则能启动一个 root shell,但应谨慎使用并尽快退出。
p490/5 73
“sudo (www.sudo.ws)”
有root帐号但却没有root密码。
一旦系统安装完毕,ubutu会锁定root帐号,且不提供root密码。这样能防止任何人都能以root权限登陆(除非你想在recovery mode(p512)下启动system)。但是,在 etc/passwd的第一行,这里会有一个用户名为root的用户。这个帐号/用户 拥有文件(命令行:ls -1/bin) 并能运行进程(命令行:ps - ef,然后查看输出的左栏的内容 )。root帐号对Ubuntu linux系统来说有非常关键的作用。
“There is a root account, but no root password
As installed, Ubuntu locks the root account by not providing a root password. This setup prevents anyone from logging into the root account (except when you bring the system up in recovery mode [page 512]). There is, however, a root account (a user with the username root—look at the first line in etc/passwd). This account/user owns files (give the command ls –l /bin) and runs processes (give the command ps –ef and look at the left column of the output). The root account is critical to the functioning of an Ubuntu system.”
sudo 允许admin group的成员去以root权限运行。因为没有root密码,最初,用命令行去执行特权管理任务的唯一方法是,让第一个用户用sudo去运行命令。图形程序会呼叫其他程序,诸如 gksudo,它接下来也会去调用sudo去验证。默认是有时间戳的,sudo会在运行命令之前要求你的密码(不是root密码),那个时候,时间戳就打上了。在你输入密码后,基于你的时间戳,sudo不会在15分钟内重新要求你的密码。
“As installed, sudo is configured to allow members of the admin group to run with root privileges. Because there is no root password, initially the only way to perform privileged administrative tasks from the command line is for the first user to run them using sudo. Graphical programs call other programs, such as gksudo (see the adjacent tip), which in turn call sudo for authentication. Timestamp By default, sudo asks for your password (not the root password) the first time you run it. At that time, sudo sets your timestamp. After you supply a password, sudo will not prompt you again for a password for 15 minutes, based on your timestamp.”
现在sam使用-1去检查sudo会允许他运行哪些命令。
“Now Sam uses the –l option to check which commands sudo will allow him to run.
$ sudo -l
”
“Spawning a root shell When you have several commands you need to run with root privileges, it may be easier to spawn a root shell, give the commands without having to type sudo in front of each one, and exit from the shell. This technique defeats some of the safeguards built in to sudo, so use it carefully and remember to return to a nonroot shell as soon as possible. (See the tip on least privilege on page 488.) Use the sudo –i option to spawn a root shell:
$ pwd
/home/sam
$ sudo -i
id
uid=0(root) gid=0(root) groups=0(root)
pwd
/root
exit
$
In this example, sudo spawns a root shell, which displays a # prompt to remind you that you are running with root privileges. The id utility displays the identity of the user running the shell. The exit command (you can also use CONTROL-D) terminates the root shell, returning the user to his normal status and his former shell and prompt.”
扫一扫
4951
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
