 Welcome to the Cisco Academy for Vision Impaired Linux Wiki.


SuperUser

The rich multi-user Unix heritage of Linux is most clearly demonstrated by the superuser concept, which is similar to the administrator in Windows. In Windows you have an administrator account, but other users in Windows can also have administrator privileges.

In Linux, the administrator is the superuser. On many distributions, including Debian, this superuser's account is called root. Traditionally, the root account's home was literally the system's root (slash) directory, but now it's typically in a directory under home along with other users. In Debian and Ubuntu it is in the /root directory.

Ubuntu does not have a root account by default, but instead lets any permitted user obtain superuser privileges via the sudo facility. This practice is considered more secure, and in fact can be implemented under any distribution if the administrator desires to make it so.

Su stands for SuperUser and Do means do, as in doing and done. With the sudo command (sudo is all one word) a user can have administrator privileges for some but not all commands. By default, Ubuntu gives anyone who is a sudoer access to all commands, but of course that can be changed.

Another good default in Ubuntu is that only the first user created gets access to sudo. After that, if the sysadmin wishes others to also have sudo rights, he needs to add the chosen users to the sudoers group. If he wishes to limit their access, he can edit the sudoers file to restrict what they can do on his system.

For example, he could set it up so that one group of users can edit system configuration files but not change other users' permissions. He can give another group access to backup commands, and let them run system utilities but not permit them to add users or change files.

To make yourself superuser, type
sudo su
and you'll be prompted for your password, and if permitted, become the Super User.

To issue one command as Super User, type
sudo COMMAND
for example
sudo apt-get install tofrodos
which installs the utility that converts files to and from Unix and DOS.

When you issue a command by preceding it with sudo, you are prompted for your password. The system checks that you have the necessary access rights to issue that system-level command.

There is also a su command, which lets you become another user. If you type
su joseph
you are prompted for Joseph's password, and can then issue commands as if you were him. You obtain permission to access files owned by Joseph in this way.

If you simply type
su
you are prompted for a root password. This won't work on systems that don't have an actual root account.

On Ubuntu if you do not wish to prepend sudo to every command, you can type
sudo su
which tells Ubuntu to give you superuser privileges. This is different than having a root account because you still have your own home directory and haven't changed your username. But files you create are now owned by root, and you are permitted to perform any command, including deleting all the files.

Staying superuser is potentially dangerous, and for ordinary day-to-day work, it is recommended that people don't use sudo. However, if you administer a system, installing packages, updating configuration files and setting up hardware, you will need to be superuser to get most of this accomplished.

Currently on Ubuntu, potential Superusers need to belong to the admin group and be placed in the sudoers file. A command called visudo is used to edit the sudoers file.

On BSD systems, users need to belong to a group called Wheel. Other distributions of Linux and Unix-like operating systems have different rules and procedures for implementing the sudo facility.

It is worth repeating that users often are confused by systems like Ubuntu that have no root account. Ubuntu sysadmins can elevate anyone's privileges to root level, so there's no problem with it lacking a root user. A cracker cannot keep attempting to log in to root, supplying passwords in the vain hope that one might work, because no root account exists.

But even though there is no root account, the concept of root is ubiquitous. The superuser's files are owned by root. And the sudo facility gives far more fine-grained control over superuser access, because different superuser permissions can be granted to different users.

For example, John can be permitted to install packages, and Jim can reconfigure network access. On the simple setups we are using in class, we're not being asked to change this: if we use sudo we automatically have permission to do everything on the system.

With sudo, all system-level commands are logged, so later on an administrator can see exactly which account mounted the CD-ROM, installed a particular package, updated the system or edited a configuration file.
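
The audit trail described above, shown as an added example that is not part of the original wiki page: a short Python parser for the lines sudo writes through syslog, grouping them by the account that ran sudo. The sample lines, host name and function names are constructed for illustration, and the log location (commonly /var/log/auth.log on Debian and Ubuntu) is an assumption about the system's syslog setup.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format sudo logs through syslog
# (host and events are made up; real lines commonly sit in /var/log/auth.log).
SAMPLE_LOG = """\
May 10 04:01:12 lab1 sudo:   joseph : TTY=pts/0 ; PWD=/home/joseph ; USER=root ; COMMAND=/usr/bin/apt-get install tofrodos
May 10 04:03:40 lab1 sudo:     john : TTY=pts/1 ; PWD=/home/john ; USER=root ; COMMAND=/bin/mount /dev/cdrom /mnt
May 10 04:05:02 lab1 sudo:      jim : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/jim ; USER=root ; COMMAND=/bin/su
May 10 04:06:15 lab1 sudo:   joseph : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/joseph ; USER=root ; COMMAND=/usr/sbin/visudo
May 10 04:07:00 lab1 sudo: pam_unix(sudo:session): session opened for user root by joseph(uid=0)
May 10 04:09:30 lab1 sudo:   joseph : TTY=pts/0 ; PWD=/etc ; USER=root ; COMMAND=/bin/su
"""

# Timestamp, host, "sudo:", invoking user, then " ; "-separated fields.
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ sudo:\s+(?P<user>\S+) : (?P<rest>.*)$")


def parse_sudo_line(line):
    """Return a dict for a sudo command record, or None for any other line."""
    m = LINE.match(line)
    if not m or "COMMAND=" not in m["rest"]:
        return None  # e.g. PAM session messages that are also tagged "sudo:"
    # COMMAND= is the last field, and the command itself may contain " ; ".
    head, command = m["rest"].split("COMMAND=", 1)
    fields, reason = {}, None
    for part in head.split(" ; "):
        part = part.strip()
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key] = value
        elif part:
            reason = part  # refusal text such as "user NOT in sudoers"
    return {"user": m["user"], "runas": fields.get("USER"),
            "reason": reason, "command": command}


def audit(log_text):
    """Group records by invoking account: commands run vs. attempts refused."""
    report = defaultdict(lambda: {"ran": [], "denied": []})
    for line in log_text.splitlines():
        rec = parse_sudo_line(line)
        if rec:
            kind = "denied" if rec["reason"] else "ran"
            first = rec["reason"] or rec["runas"]
            report[rec["user"]][kind].append((first, rec["command"]))
    return dict(report)
```

Calling audit(SAMPLE_LOG) returns, per account, the commands that ran as (run-as user, command) pairs and the refused attempts as (reason, command) pairs. A sudo su session appears only as the single /bin/su entry; commands typed inside that root shell do not get their own sudo log lines.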

Page last modified on May 10, 2012, at 04:16 AM