As we know, Linux provides much better security than other options. You can set the user management policy and user permissions so normal users can't authenticate the critical system processes. If you want your other users can perform such actions, you will need to use the 'su' or 'sudo' commands.
What is 'su'?
In the Linux system, su will force you to share your root password with another user.
What is 'sudo'?
In Linux, sudo is a root binary setuid that can run the root commands for authorized users. Users who run the sudo must type their passwords to execute the command.
To add or remove the list of sudo users, you can run the command given below –
# sudo /usr/sbin/visudo
By default, the sudo string will appear as shown below – b
# root ALL=(ALL) ALL
How to grant sudo access?
You can run the command given below -
root ALL=(ALL:ALL) ALL
admin ALL=(ALL:ALL) ALL
It is not safe to grant ALL=(ALL) ALL permission to users except the listed users that you know.
instead, you can configure your sudo user more precisely by providing the limited command permission.
For that, you can use the line given below –
User_name Machine_name=(Effective_user) command
Following are all divided parts of the above line -
- User_name: Name of the sudo user.
- Machine_name: Hostname of the server.
- (Effective_user): Users who are allowed to execute the command.
- Command: Commands or sets of commands which sudo users can perform.
Are you facing an issue with the su user?
Please refer to SU > Enable Cagefsctl for more details.