Running sudo -i, I end up with a root shell on my Linux box.
But reading up on the -i option it says:
-i, --login
Run the shell specified by the target user's password database entry as a login shell. This means that login-specific resource files such as .profile or .login will be read by the shell. If a command is specified, it is passed to the shell for execution via the shell's -c option. If no command is specified, an interactive shell is executed. sudo attempts to change to that user's home directory before running the shell. The command is run with an environment similar to the one a user would receive at log in. The Command Environment section in the sudoers(5) manual documents how the -i option affects the environment in which a command is run when the sudoers policy is in use.
I'm not clear.
Why is the target user root?
And how is this different from sudo su?
Because 'root' is the default user. Emphasis is from me.
-u user, --user=user
Run the command as a user other than the default target user (usually root). The user may be either a user name or a numeric user ID (UID) prefixed with the '#' character (eg #0 for UID 0). When running commands as a UID, many shells require that the '#' be escaped with a backslash ('\'). Some security policies may restrict UIDs to those listed in the password database. The sudoers policy allows UIDs that are not in the password database as long as the targetpw option is not set. Other security policies may not support this.
sudo su is effectively executing the su command as the user specified (or root by default).
The su command is used to become another user during a login session. Invoked without a username, su defaults to becoming the superuser.
As you are running su as 'root' (due to the use of sudo), you aren't then asked to prove your identity with a password - many systems do not permit 'root' to log in with a password, by placing a ! in field 2 of /etc/shadow.
"!" – the account is password locked, user will be unable to log-in via password authentication but other methods (eg ssh key) may be still allowed
Additionally, even if root does have password access, on a system with multiple administrators, or a shared development system, sharing a password is not ideal.
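The check on field 2 of /etc/shadow that the answer describes, written out as an added example (not part of the original answer): it classifies the password field of shadow(5)-format lines so an administrator can see which accounts cannot log in with a password. The sample lines and hash strings are constructed placeholders, and the function names are hypothetical.

```python
# Added example: classify field 2 (the password field) of shadow(5)-format lines.
# SAMPLE is constructed for illustration; the hash strings are placeholders.
SAMPLE = """\
root:!:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:$6$constructedsalt$constructedhashvalue:19500:0:99999:7:::
bob:!$6$constructedsalt$constructedhashvalue:19500:0:99999:7:::
guest::19500:0:99999:7:::
"""


def classify(field):
    """Return the password-login status implied by a shadow password field."""
    if field == "":
        return "empty"        # no password is required to authenticate
    if field.startswith("!"):
        # Locked. Whatever follows the '!' is the field as it was before locking.
        return "locked+hash" if field.lstrip("!").startswith("$") else "locked"
    if field.startswith("*"):
        return "no-login"     # not a valid crypt(3) result, so no password matches
    if field.startswith("$"):
        return "hash"         # crypt(3) modular format: a usable password hash
    return "other"            # legacy hash format or an invalid string


def audit(text):
    """Map each account name to its status; skip blank or malformed lines."""
    result = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) < 2 or not parts[0]:
            continue
        result[parts[0]] = classify(parts[1])
    return result


def password_login_possible(status):
    """True only when a password (or no password at all) would be accepted."""
    return status in ("hash", "empty")


if __name__ == "__main__":
    for user, status in audit(SAMPLE).items():
        ok = password_login_possible(status)
        print(f"{user:8} {status:12} password login possible: {ok}")
```

To audit a real system, pass the contents of /etc/shadow (readable only by root) to `audit()` instead of `SAMPLE`; an `empty` result is the one that needs attention first.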