accounts-and-permissions

Differences

This shows you the differences between two versions of the page.

accounts-and-permissions [2019/04/12 19:17]
Miroslav Bernát
accounts-and-permissions [2019/04/12 19:26] (current)
Miroslav Bernát
Line 51: Line 51:
 | **lsattr** (<​file/​directory>​) | prints attributes of the contents of the working directory or a specified file or the contents a specified directory on ext2, ext3 or ext4 file system, **-a** prints hidden files as well, **-d** directory itself, without its contents, **-R** recursively | | **lsattr** (<​file/​directory>​) | prints attributes of the contents of the working directory or a specified file or the contents a specified directory on ext2, ext3 or ext4 file system, **-a** prints hidden files as well, **-d** directory itself, without its contents, **-R** recursively |
 | **su** (<​user>​) | logs in under root (system administrator) or under a specified user (changes the effective UID and GID), **-** or **-l** including the user's environment (initializes HOME, SHELL, USER, LOGNAME and PATH variables), **-c** <​command>​ only executes the command under another user | | **su** (<​user>​) | logs in under root (system administrator) or under a specified user (changes the effective UID and GID), **-** or **-l** including the user's environment (initializes HOME, SHELL, USER, LOGNAME and PATH variables), **-c** <​command>​ only executes the command under another user |
-| **sudo** (<​parameter>​) (<​command>​) | allows a permitted user to execute a command as root or another user (without knowing the password) as specified in ///​etc/​sudoers//​ in the following order: <​user>​ <​host>​ = (<​original_user>​) (<​verification>:​) <​command>​ (in absolute form); at the beginning of the file it is possible to define by capital letters aliases representing the permitted users, original users, hosts and commands, considering that „ALL“ expression represents any value in the mentioned items:\\ //dookie ALL = (root) /bin/mount -t iso9660 /dev/cdrom /mnt/cdrom, NOPASSWD: /bin/umount /​mnt/​cdrom//​\\ (dookie is allowed to mount cdrom and unmount it without a password ​requirenment)\\ //tim localhost = /bin/su [!-]*, !/bin/su *root*//\\ (tim is allowed to switch to any user except root on the particular host without loading the user's environment)\\ //%admin ALL = SERVICES, PROCESSES, STORAGE//\\ (the members of „admin“ group  are allowed to execute all the commands represented by the particular aliases on all hosts)\\ **-b** runs the given command in the background, **-l** prints information whether the logged-in user is allowed to use „sudo“ and possible commands he may execute on the current host, **-u** <​user>​ runs the specified command as a user other than root; only root is allowed to edit ///​etc/​sudoers//​ by „visudo“ command; the usage of „sudo“ is logged to ///​var/​log/​secure//​\\ ''​$ sudo /​sbin/​shutdown -h now''​\\ ''​$ sudo -u tom ls ~tom''​\\ ''​$ sudo sh -c "cd /home ; du -s * | sort -rn > usage"''​\\ ''​$ sudo su - root -c /​bin/​bash''​ |+| **sudo** (<​parameter>​) (<​command>​) | allows a permitted user to execute a command as root or another user (without knowing the password) as specified in ///​etc/​sudoers//​ in the following order: <​user>​ <​host>​ = (<​original_user>​) (<​verification>:​) <​command>​ (in absolute form); at the beginning of the file it is possible to define by capital letters aliases 
representing the permitted users, original users, hosts and commands, considering that „ALL“ expression represents any value in the mentioned items:\\ //dookie ALL = (root) /bin/mount -t iso9660 /dev/cdrom /mnt/cdrom, NOPASSWD: /bin/umount /​mnt/​cdrom//​\\ (dookie is allowed to mount cdrom and unmount it without a password ​requirement)\\ //tim localhost = /bin/su [!-]*, !/bin/su *root*//\\ (tim is allowed to switch to any user except root on the particular host without loading the user's environment)\\ //%admin ALL = SERVICES, PROCESSES, STORAGE//\\ (the members of „admin“ group  are allowed to execute all the commands represented by the particular aliases on all hosts)\\ **-b** runs the given command in the background, **-l** prints information whether the logged-in user is allowed to use „sudo“ and possible commands he may execute on the current host, **-u** <​user>​ runs the specified command as a user other than root; only root is allowed to edit ///​etc/​sudoers//​ by „visudo“ command; the usage of „sudo“ is logged to ///​var/​log/​secure//​\\ ''​$ sudo /​sbin/​shutdown -h now''​\\ ''​$ sudo -u tom ls ~tom''​\\ ''​$ sudo sh -c "cd /home ; du -s * | sort -rn > usage"''​\\ ''​$ sudo su - root -c /​bin/​bash''​ |
 | **visudo** | edits ///​etc/​sudoers//,​ **-c** verifies the integrity of the file, **-f** <​file>​ specifies an alternative sudoers file instead of ///​etc/​sudoers//​ | | **visudo** | edits ///​etc/​sudoers//,​ **-c** verifies the integrity of the file, **-f** <​file>​ specifies an alternative sudoers file instead of ///​etc/​sudoers//​ |
 | **umask** (<​permissions>​) | prints or sets default permissions for newly created files and directories in the following order: user (owner) - group - others in a numeric (octal) expression, however the digits stand for the permissions that are to be taken from the given system value 666 for files and 777 for directories,​ **-S** symbolic expression; (permanent setup in //​~/​.bashrc//​ or //​~/​.bash_profile//,​ the default global value is 002 for ordinary users and 022 for root in ///​etc/​bashrc//​)\\ ''​$ umask 0027''​ / ''​umask 27''​\\ (the owner has all permissions,​ the group has read permissions and access to directories and others have no permissions) | | **umask** (<​permissions>​) | prints or sets default permissions for newly created files and directories in the following order: user (owner) - group - others in a numeric (octal) expression, however the digits stand for the permissions that are to be taken from the given system value 666 for files and 777 for directories,​ **-S** symbolic expression; (permanent setup in //​~/​.bashrc//​ or //​~/​.bash_profile//,​ the default global value is 002 for ordinary users and 022 for root in ///​etc/​bashrc//​)\\ ''​$ umask 0027''​ / ''​umask 27''​\\ (the owner has all permissions,​ the group has read permissions and access to directories and others have no permissions) |
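
Review bot: the spelling fix in the **sudo** row is fine, but the row still presents the example "tim localhost = /bin/su [!-]*, !/bin/su *root*" as a dependable way to keep tim from becoming root, with no caveat. The rule relies on shell-style wildcards in the argument list plus a negated entry, and the sudoers manual cautions that wildcards in command arguments match across word boundaries, so pattern-based exclusions like this are fragile as an access control. Suggest adding a short caveat next to the example, or replacing it with a rule that lists the permitted target users explicitly in the parenthesised field. Two smaller documentation points in the same row: that field is labelled <original_user>, while the dookie example uses it for the user the command runs as (root), so a name such as <target_user> would be clearer; and /var/log/secure is the log location on Red Hat-family systems, which is worth qualifying since other distributions log sudo use elsewhere.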
Last modified: 2019/04/12 19:26 by Miroslav Bernát
