
sudo -i: why does this give a root shell?

Running sudo -i I end up with a root shell on my Linux box.

But reading up on the -i option it says:

 -i, --login
                 Run the shell specified by the target user's password database entry as a login shell.  This means that
                 login-specific resource files such as .profile or .login will be read by the shell.  If a command is
                 specified, it is passed to the shell for execution via the shell's -c option.  If no command is speci‐
                 fied, an interactive shell is executed.  sudo attempts to change to that user's home directory before
                 running the shell.  The command is run with an environment similar to the one a user would receive at
                 log in.  The Command Environment section in the sudoers(5) manual documents how the -i option affects
                 the environment in which a command is run when the sudoers policy is in use.

I'm not clear.

Why is the target user root?

And how is this different from sudo su ?

Because 'root' is the default user. Emphasis is mine.

-u user, --user=user

Run the command as a user other than the default target user (usually root). The user may be either a user name or a numeric user ID (UID) prefixed with the '#' character (eg #0 for UID 0). When running commands as a UID, many shells require that the '#' be escaped with a backslash ('\'). Some security policies may restrict UIDs to those listed in the password database. The sudoers policy allows UIDs that are not in the password database as long as the targetpw option is not set. Other security policies may not support this.

sudo su is effectively executing the su command as the user specified (or root by default).

The su command is used to become another user during a login session. Invoked without a username, su defaults to becoming the superuser.

As you are running su as 'root' (due to the use of sudo), you aren't then asked to prove your identity with a password - many systems do not permit 'root' to log in with a password, by placing a ! in field 2 of /etc/shadow.

"!" – the account is password locked; the user will be unable to log in via password authentication, but other methods (eg ssh key) may still be allowed

Additionally, even if root does have password access, on a system with multiple administrators or a shared development system, sharing a password is not ideal.
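The two facts the answer leans on can be checked from the password database itself: the shell that `sudo -i` will start is field 7 of the target user's passwd(5) entry, and whether that user's password is locked is field 2 of the shadow(5) entry, where a leading "!" means locked. The script below is an added example, not code from the question, the answer, or the sudo project; it parses constructed sample passwd and shadow text embedded in the script (so it runs without root and never reads the real /etc/shadow), and the helper names `entry_for`, `login_shell`, `shadow_pw_status` and `password_login_possible` are my own.

```shell
#!/bin/sh
# Added example; not code from the original question or answer.
# Demonstrates, on constructed sample data:
#   1. which shell `sudo -i` runs for a target user (field 7 of passwd(5));
#   2. whether that user's password is locked (field 2 of shadow(5),
#      "!" prefix = locked, as the answer describes for root).

# Constructed sample records; not copied from any real system.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/zsh'

SAMPLE_SHADOW='root:!:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:$6$saltsalt$notarealhash:19000:0:99999:7:::
guest::19000:0:99999:7:::'

# entry_for NAME TEXT: print the colon-separated record for NAME, or nothing.
entry_for() {
    printf '%s\n' "$2" | awk -F: -v u="$1" '$1 == u { print; exit }'
}

# login_shell NAME PASSWD_TEXT: the shell that `sudo -i` would start for NAME,
# i.e. "the shell specified by the target user's password database entry".
# Fails (returns 1) when NAME has no passwd record.
login_shell() {
    entry=$(entry_for "$1" "$2")
    [ -n "$entry" ] || return 1
    printf '%s\n' "${entry##*:}"    # field 7 is the last field
}

# shadow_pw_status NAME SHADOW_TEXT: classify field 2 of the shadow record.
#   locked   - starts with "!" (passwd -l / usermod -L, or never set)
#   disabled - "*" (not a valid hash; typical for system accounts)
#   empty    - no password set at all
#   hashed   - a password hash is present
#   missing  - no record for NAME (also returns 1)
shadow_pw_status() {
    entry=$(entry_for "$1" "$2")
    if [ -z "$entry" ]; then
        echo missing
        return 1
    fi
    pw=${entry#*:}      # drop field 1 (user name)
    pw=${pw%%:*}        # keep field 2 (password) only
    case $pw in
        '')    echo empty ;;
        '!'*)  echo locked ;;
        '*')   echo disabled ;;
        *)     echo hashed ;;
    esac
}

# password_login_possible NAME SHADOW_TEXT: succeed (0) only if a password
# prompt for NAME could ever be satisfied: a hash is present, or the field
# is empty (which PAM may or may not accept as "no password required").
password_login_possible() {
    case $(shadow_pw_status "$1" "$2") in
        hashed|empty) return 0 ;;
        *)            return 1 ;;
    esac
}

# Stand-alone demo over the constructed data.
for u in root daemon alice guest; do
    printf '%-7s shell=%-18s password=%s\n' "$u" \
        "$(login_shell "$u" "$SAMPLE_PASSWD" || echo '(no passwd entry)')" \
        "$(shadow_pw_status "$u" "$SAMPLE_SHADOW")"
done
```

On a real host the same two lookups are `getent passwd root | cut -d: -f7` for the shell and, as root, `awk -F: '$1 == "root" { print $2 }' /etc/shadow` for the password field; /etc/shadow is not readable by ordinary users, which is why the example works on embedded sample text instead.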
