\u9996\u5148\uff0c\u5b9e\u5730\u770b\u770bsudo\u548csu\u547d\u4ee4\u7684\u4f4d\u7f6e\u548c\u76f8\u5173\u5c5e\u6027\uff1a<\/p>\n
root@ixyzero.com:~# whereis sudo\nsudo: \/usr\/bin\/sudo \/usr\/lib\/sudo \/usr\/bin\/X11\/sudo \/usr\/share\/man\/man8\/sudo.8.gz\n\nroot@ixyzero.com:~# whereis su\nsu: \/bin\/su \/usr\/share\/man\/man1\/su.1.gz\n\nroot@ixyzero.com:~# ls -l \/usr\/bin\/sudo\n-rwsr-xr-x 1 root root 156708 Mar 13 00:27 \/usr\/bin\/sudo\n\nroot@ixyzero.com:~# ls -l \/bin\/su\n-rwsr-xr-x 1 root root 35300 Feb 17 2014 \/bin\/su<\/pre>\n\u6ce8\u610f\u6700\u540e\u7684”ls -l”\u547d\u4ee4\u4e2d\u770b\u5230\u7684’s’\u5b57\u7b26\uff0csetuid<\/a>\u4f4d\uff0c\u53c2\u8003\u5b66\u4e60\uff1aLinux \u6587\u4ef6\u7cfb\u7edf\u5b89\u5168\u653b\u7565<\/a>\u3002\u7136\u540e\u8fdb\u5165\u6b63\u6587\uff1a<\/p>\n
\u641c\u7d22\u5173\u952e\u5b57\uff1a<\/h6>\n
sudo su \u73af\u5883\u53d8\u91cf<\/p>\n
==<\/p>\n
\u5f53\u524d\u7528\u6237\u7684\u73af\u5883\u53d8\u91cf\u4e0d\u4f1a\u5e94\u7528\u5230sudo\u542f\u52a8\u7684\u7a0b\u5e8f\uff0c\u9664\u975e\u4f7f\u7528-E\u9009\u9879<\/strong><\/h6>\n
-E, –preserve-env<\/p>\n
Indicates to the security policy that the user wishes to preserve their existing environment variables.\u00a0 The security policy may return an error if the user does not have permission to preserve the environment.<\/p><\/blockquote>\n
$ sudo -E pacman -Syu<\/pre>\n\u5982\u679c\u7ecf\u5e38\u9700\u8981\u8fd9\u6837\u505a\uff0c\u53ef\u4ee5\u5728~\/.bashrc\uff08\u6216\u5176\u4ed6shell\u914d\u7f6e\u6587\u4ef6\uff09\u4e2d\u52a0\u5165\u547d\u4ee4\u522b\u540d\uff1a<\/p>\n
alias sudo=\"sudo -E\"<\/pre>\n\u5728\/etc\/sudoers\u4e2d\u6dfb\u52a0\u4ee5\u4e0b\u5185\u5bb9\u4f5c\u7528\u76f8\u540c\uff1a<\/p>\n
Defaults\u00a0!env_reset<\/pre>\n\u53ef\u4ee5\u628a\u9700\u8981\u4f20\u9012\u73af\u5883\u53d8\u91cf\u7684\u547d\u4ee4\u8bbe\u7f6e\u5230env_keep\uff1a<\/p>\n
Defaults env_keep += \"ftp_proxy http_proxy https_proxy no_proxy\"<\/pre>\n==<\/p>\n
su \u4e0e su – \u7684\u533a\u522b<\/strong><\/span><\/h6>\n
$ su username<\/pre>\nshell\u4f1a\u5207\u6362\u5230username\u7684\u8eab\u4efd\uff0c\u4f46\u662fshell\u7684\u73af\u5883\u53d8\u91cf\u8fd8\u662f\u548c\u5207\u6362\u524d\u7684\u4e00\u6837\uff0c\u6ce8\u610f\uff0c\u8fd9\u6837\u53ef\u80fd\u4f1a\u8fd0\u884c\u4e0d\u4e86username\u7684\u67d0\u4e9b\u7a0b\u5e8f\u2014\u2014\u56e0\u4e3a\u67d0\u4e9b\u73af\u5883\u53d8\u91cf\u7684\u95ee\u9898\u3002<\/p>\n
$ su - username<\/pre>\nshell\u4f1a\u5207\u6362\u5230username\u7684\u8eab\u4efd\uff0c\u4f46\u662fshell\u7684\u73af\u5883\u53d8\u91cf\u4f1a\u53d8\u6210username\u8eab\u4efd\u4e0b\u7684\u73af\u5883\u53d8\u91cf\u3002\u6240\u4ee5\u5efa\u8bae\u5728\u5207\u6362\u7528\u6237\u65f6\u4f7f\u7528\u540e\u4e00\u79cd\u7528\u6cd5\u3002<\/p>\n
==<\/p>\n
sudo\u547d\u4ee4\u7684-i\u9009\u9879<\/strong><\/h6>\n
-i, –login<\/p>\n
Run the shell specified by the target user’s password database entry as a login shell.\u00a0 This means that login-specific resource files such as .profile or .login will be read by the shell.<\/span>\u00a0 If a command is specified, it is passed to the shell for execution via the shell’s -c option.\u00a0 If no command is specified, an interactive shell is executed.\u00a0 sudo attempts to change to that user’s home directory before running the shell.\u00a0 The command is run with an environment similar to the one a user would receive at log in.\u00a0 The Command Environment section in the sudoers(5) manual documents how the -i option affects the environment in which a command is run when the sudoers policy is in use.<\/p><\/blockquote>\n
\u770b\u4e0a\u53bb\u7c7b\u4f3c\u4e8e\u4e0a\u9762\u7684 su – \uff0c\u90fd\u662f\u4f7f\u7528\u88ab\u5207\u6362\u7528\u6237\u81ea\u5df1\u7684\u73af\u5883\u53d8\u91cf\uff0c\u4e0d\u8fc7\u6682\u672a\u6d4b\u8bd5\u4e24\u8005\u4e4b\u95f4\u7684\u533a\u522b\uff0c\u53ef\u4ee5\u53c2\u8003\u540e\u9762\u7ed9\u51fa\u7684\u51e0\u4e2a\u94fe\u63a5\u3002<\/p>\n
==<\/p>\n
\u53c2\u8003\u94fe\u63a5\uff1a<\/h6>\n
\n
- https:\/\/wiki.debian.org\/sudo<\/a><\/li>\n
- https:\/\/wiki.archlinux.org\/index.php\/Sudo_(%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%87)<\/a><\/li>\n
- http:\/\/www.sudo.ws\/sudo.man.html<\/a><\/li>\n
- https:\/\/wiki.archlinux.org\/index.php\/Su<\/a><\/li>\n
- ==<\/li>\n
- http:\/\/blog.tankywoo.com\/2015\/03\/02\/linux-su-vs-sudo.html<\/a><\/li>\n
- shell\u4e2dsudo\u548csu\u547d\u4ee4<\/a><\/li>\n
- ==<\/li>\n
- Hackers Hut: Environment variables<\/strong> http:\/\/www.win.tue.nl\/~aeb\/linux\/hh\/hh-8.html<\/a>\u00a0 #\u672a\u5c1d\u8bd5<\/li>\n
- https:\/\/www.securusglobal.com\/community\/2014\/03\/17\/how-i-got-root-with-sudo\/<\/a>\u00a0 #\u672a\u5c1d\u8bd5<\/li>\n<\/ul>\n
\u66f4\u591a\u53c2\u8003\u94fe\u63a5\uff1a<\/h6>\n
\n
- http:\/\/serverfault.com\/questions\/62178\/how-to-specify-roots-environment-variable<\/a><\/li>\n
- http:\/\/stackoverflow.com\/questions\/216202\/why-does-an-ssh-remote-command-get-fewer-environment-variables-then-when-run-manu<\/a><\/li>\n
- ==<\/li>\n
- http:\/\/serverfault.com\/questions\/469539\/whats-the-difference-between-sudo-su-and-sudo-i<\/a><\/li>\n
- http:\/\/serverfault.com\/questions\/359856\/what-is-the-difference-between-sudo-i-and-sudo-su<\/a><\/li>\n
- ==<\/li>\n
- http:\/\/superuser.com\/questions\/232231\/how-do-i-make-sudo-preserve-my-environment-variables<\/a><\/li>\n
- http:\/\/unix.stackexchange.com\/questions\/4342\/how-do-i-get-sudo-u-user-to-use-the-users-env<\/a><\/li>\n
- http:\/\/askubuntu.com\/questions\/57915\/environment-variables-when-run-with-sudo<\/a><\/li>\n
- http:\/\/serverfault.com\/questions\/601140\/whats-the-difference-between-sudo-su-postgres-and-sudo-u-postgres<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"
\u9996\u5148\uff0c\u5b9e\u5730\u770b\u770bsudo\u548csu\u547d\u4ee4\u7684\u4f4d\u7f6e\u548c\u76f8\u5173\u5c5e\u6027\uff1a root@ixyzero.com:~# whereis s […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23,11,25],"tags":[264,126],"class_list":["post-2072","post","type-post","status-publish","format-standard","hentry","category-knowledgebase-2","category-linux","category-security","tag-su","tag-sudo"],"views":6179,"_links":{"self":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/2072","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/comments?post=2072"}],"version-history":[{"count":0,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/2072\/revisions"}],"wp:attachment":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/media?parent=2072"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/categories?post=2072"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/tags?post=2072"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}