考虑一下来自优秀XKCD(XKCD)网络漫画的上述漫画。坐在椅子上的懒汉希望他们的朋友给他们做三明治,但他们没有权力让他们这样做。也就是说,直到他调用强大的 sudo 命令。之后,将以一种或另一种方式制作三明治。
虽然在现实生活中对一个人尝试 sudo 可能不会那么有效,但它是一个神奇的命令,可以克服Linux世界中的每一个障碍。什么是须藤?为什么它甚至存在?答案在于Linux如何处理权限。
了解Linux 用户权限(Linux User Permissions)
由于它处理权限的方式, Linux(Linux)被认为是一个安全的操作系统。虽然 macOS(与Linux共享祖先)和Windows等操作系统在这方面现在更像Linux ,但(Linux)开源(Open Source)操作系统仍然有些独特。
了解 Linux 如何处理权限使您更容易理解 sudo 命令。所有现代操作系统都具有“管理员”或“根”用户权限级别。如果您有管理员或 root 帐户,您可以更改任何设置、删除任何数据并通常对计算机做任何您喜欢的事情。
这包括您可能不应该做的可能导致数据丢失或需要完全擦除和重新安装的事情。
Linux不会将 root 用户级别权限设为默认值。相反,如果不提升您的权限级别,您的帐户就无法进入系统的真正敏感部分。这意味着当您想使用图形界面做一些不寻常的事情时,系统会要求您输入管理员密码。
但是,当您想使用终端(Terminal)命令行完成任务时,sudo 是最安全、最有效的方法。
须藤和终端
在Linux(Linux)中有两种方法可以给自己提升权限。一种是永久以root用户身份登录。这样做的问题是任何其他可能访问计算机的人都可能造成严重破坏,甚至您也可能会意外地做到这一点。Sudo仅在短时间内提升您的权限以执行其后面的特定命令。
须藤语法
Sudo 的语法(命令的格式)很简单。只需(Simply)键入“sudo”,然后键入要执行的命令。
例如,“sudo apt-get update”将更新相关文件中列出的所有应用程序存储库。如果您尝试在没有 sudo 的情况下运行它,您会收到一条错误消息,告诉您您没有权限。顺便说一句,这通常是您在全新安装您最喜欢的Linux(Linux)发行版后要运行的第一个 sudo 命令。
须藤中的“苏”
sudo 中的“su”是“superuser”的缩写,它是一个独立的命令。“su”命令允许您更改 sudo 将您提升到的用户权限。
尽管 sudo 暂时将您提升为 root,但 su 将您更改为具有适当权限的另一个用户。这似乎是一个不重要的区别,但有充分的理由更改 sudo 将用户提升到的帐户。
首先(First),更改帐户意味着普通用户不知道root密码。其次,有一个所有 sudo 命令的日志,这意味着系统管理员(root)可以查找谁发出了 su 命令。
su 的语法与 sudo 基本相同:
su 用户名 -c 命令(Su USERNAME -c COMMAND)
将 USERNAME 替换(Replace USERNAME)为运行命令所需的用户,将COMMAND替换为您要执行的Linux命令。(Linux)
如果您想以另一个用户身份运行多个命令,只需使用:
苏用户(Su USER)
将 USER 替换(Replace USER)为所需的用户帐户身份。
如果您单独使用 su,Linux将切换到另一个用户帐户,直到您使用“退出”命令。重要的是要记住这个或在该会话中访问终端的下一个用户仍将具有提升的权限。这就是为什么通常使用 sudo 比使用 su 更好的原因。
须藤时间限制
第一次使用 sudo 命令时,您必须输入密码。然后,该密码将在 15 分钟内保持有效。您可以通过运行命令sudo visudo(sudo visudo)并将“timestamp_timeout=”更改为更长或更短的值来更改此默认值。但是,我们不建议您这样做,除非您有充分的理由延长或缩短 sudo 密码的有效期。
须藤选项开关
虽然 sudo 语法很简单,但有几个开关值得了解。这些命令可以打开附加信息或帮助您控制 sudo 会话:
- -h显示 sudo 的语法和命令信息。
- -V在您的机器上显示 sudo 的当前版本。
- -v刷新 sudo 时间限制,重新启动时钟。
- -l列出用户权限。
- -k立即终止当前的 sudo 会话,删除提升的权限。
sudo 内置了更多选项,您可以使用上面列出的第一个 -h 开关查看它们。
上面的屏幕截图是使用帮助选项时的结果。
有用的 Sudo 命令
那么每个Linux用户都应该知道哪些由 sudo 授权的命令呢?我们已经介绍了 sudo apt-get update,但也要注意这些:
- Sudo apt-get upgrade将升级所有已安装的软件包。
- Sudo apt-get install <package-name>安装您选择的软件;只需将软件包名称更改为您要安装的名称即可。
- 如果您不知道包名称,请使用dpkg –list。
- 如果要从终端中删除已安装的软件包,请使用sudo apt-get remove <package-name (再次替换相关的特定软件包名称)。
这些可能是您必须使用的第一个 sudo 命令,但正如您在上面了解到的,任何命令都可以跟随 sudo,但您应该只使用需要更高权限的命令。
What Is Sudo in Linux and How To Use It
Consider the above comic from the excellent XKCD webcomic. The lazy fellow in the chair wants their friend to make them a sandwich, but they lack the aυthority to make them do it. That is, until he invokes the mighty sudо command. After which, a sandwich will bе made one way or another.
While trying sudo on a person in real life probably won’t be as effective, it’s the magic command that gets past every roadblock in the world of Linux. What is sudo? Why does it even exist? The answer lies in how Linux handles permissions.
Understanding Linux User Permissions
Linux is considered a secure operating system due to how it handles permissions. While operating systems such as macOS (which shared an ancestor with Linux) and Windows are now more like Linux in this regard, the Open Source operating system is still somewhat unique.
Understanding how Linux handles permissions makes it a lot easier to get your head around the sudo command. All modern operating systems have an “administrator” or “root” user permissions level. If you have an admin or root account, you can change any setting, delete any data and generally do whatever you like with the computer.
That includes things that you probably shouldn’t do that can lead to data loss or the need for a complete wipe and reinstallation.
Linux doesn’t make root user level permissions the default. Instead, your account can’t get at the really sensitive parts of the system without elevating your permission level. That means the system will ask you to enter the administrator password when you want to do something out of the ordinary using a graphical interface.
However, when you want to use the Terminal command line to get things done, sudo is the safest and most efficient way to go about it.
Sudo and the Terminal
There are two ways to give yourself elevated permissions in Linux. One is to log in as the root user permanently. The problem with this is that anyone else who may access the computer can wreak havoc, and even you can do it by accident. Sudo elevates your permissions only for a short time to execute the specific commands that follow it.
Sudo Syntax
Sudo’s syntax (the command’s format) is simple. Simply type “sudo” followed by the command you want to execute.
For example, “sudo apt-get update” will update all of the app repositories listed in the relevant file. If you tried to run it without sudo, you’d get an error message telling you that you don’t have permission. Incidentally, this is generally the first sudo command you’ll want to run after a fresh installation of your favorite Linux distro.
The “Su” in Sudo
The “su” in sudo is short for “superuser” and it is a standalone command. The “su” command lets you change which user’s privileges sudo elevates you to.
Although sudo elevates you to root temporarily, su changes you to another user with suitable privileges. That may seem like an unimportant distinction, but there are good reasons to change the account that sudo elevates a user to.
First of all, changing the account means that regular users don’t know the root password. Second, there’s a log of all sudo commands, which means that the system administrator (root) can look up who issued su commands.
The syntax for su is essentially the same as sudo:
Su USERNAME -c COMMAND
Replace USERNAME with the desired user to run the command and COMMAND with the Linux command you want to execute.
If you want to run multiple commands as another user, simply use:
Su USER
Replace USER with the desired user account identity.
If you use su by itself, Linux will switch to the other user account until you use the command “exit.” It’s important to remember this or the next user to access the terminal in that session will still have elevated permissions. This is why it’s generally better to use sudo rather than su.
The Sudo Time Limit
The first time that you use a sudo command, you’ll have to enter a password. Then, that password will remain valid for 15 minutes. You can change this default by running the command sudo visudo and changing “timestamp_timeout=” to a longer or shorter value. However, we don’t recommend you do this unless you have a good reason to extend or shorten how long a sudo password remains valid.
Sudo Option Switches
Although the sudo syntax is simple, several switches are worth knowing about. These commands open up additional information or help you control the sudo session:
- -h shows you syntax and command information for sudo.
- -V displays the current version for sudo on your machine.
- -v refreshes the sudo time limit, restarting the clock.
- -l lists user privileges.
- -k kills the current sudo session immediately, removing elevated privileges.
There are many more options built into sudo, and you can see them all using the first -h switch listed above.
The above screenshot is what results when you use the help option.
Useful Sudo Commands
So which commands empowered by sudo should every Linux user know? We’ve already covered sudo apt-get update, but take a note of these as well:
- Sudo apt-get upgrade will upgrade all installed packages.
- Sudo apt-get install <package-name> installs software of your choice; just change the package name to the one you want to install.
- If you don’t know the package name, use dpkg –list.
- If you want to remove an installed package from the terminal, use sudo apt-get remove <package-name (again substituting the specific package name in question).
These are likely the first sudo commands you’ll have to use, but as you’ve learned above any command can follow sudo, but you should only use ones that need higher privileges with it.
