
Practical Guide to UNIX System Administration

The Superuser

All server-class operating systems (including UNIX) separate average users from the users who administer the system. Usually this is done by having a special account or accounts that have much more extensive privileges. On UNIX systems, this account is named root. The root user is distinguished from other users by having a UID (User Identification number) of 0.

On any UNIX system, the root user has all privileges to all things. The root user may view, alter or delete any file on the system, add or remove users, change process priorities, and even control the operation of hardware devices like tape drives. For obvious reasons, most of these functions are not available to average users. Essentially, the root user can do anything he/she wishes. A popular comic strip among system administrators has the caption "God, root, what is difference?" On a UNIX system, the root user really is the local demigod. (No one has ever accused a system administrator of having a small ego.)

Unfortunately, the root user has all of the privileges necessary to do stupid things as well as useful things. Since all of the system safeguards are bypassed by root, the root user has the capability to do anything from deleting every file on the system to corrupting essential password data files. System administrators like to swap horror stories of what an accidental keystroke made in a command entered as root can do to a system. This point cannot possibly be stressed enough - always, always, always double-check every command you type as root before pressing the Enter key. No matter how many times I say this or you read it, you'll get sloppy once and destroy an entire system by being foolish. Every system administrator has done it - lucky ones did it to a system that wasn't all that important. (Wiping your organization's database server has been known to be bad for job security.) Smart system administrators learn from their one mistake - ones that are mistake-prone usually end up licking stamps in the mailroom.

Knowing how to become the root user on a UNIX system is a lot easier than knowing how to use it properly - just type su at the command prompt. The system will prompt you for the password to the root account, and start a copy of the command shell with root privileges if the correct password is given. In addition to using it to assume rootly powers, a system administrator can use the su command to become any other user on the system by typing su followed by the user's login name. As an example, typing

   su johndoe

would let you become user johndoe and assume all of his rights and privileges. This ability is pretty useful when a user has mysterious problems with their account that need troubleshooting.

Since the root account has the power to seriously damage the system or compromise data, a few words about security are in order here. Almost every modern flavor of UNIX prevents the root user from being able to log in remotely. In other words, for a user to become root they must either be sitting in front of the physical system or logged onto the system as a user other than root. This safeguard prevents root password-guessing attempts by anybody with an Internet connection. Secondly, the system administrator needs to pick a root password that would be extraordinarily hard for anyone to guess (any password based on a word in the dictionary is a bad idea). By the same token, the root password also needs to be something the system administrator can remember without having to write down. Needless to say, forgetting the root password to a system is also bad for job security. As an additional safeguard, some system administrators change the permissions on the su program so normal users cannot execute it - only users in a special group (usually the system administrators) are allowed to use su.
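The following script is an added example, not part of the original Guide. It checks two of the points above: that root is the only account with UID 0, and that su is not executable by every user. The function names and the sample password file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit two superuser safeguards. Function names are
# hypothetical; the sample passwd data is constructed, not from a real host.

# Constructed passwd-format sample: name:password:UID:GID:gecos:home:shell
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sysbackup:x:0:0:backup admin:/root:/bin/sh
johndoe:x:1001:1001:John Doe:/home/johndoe:/bin/sh
EOF
}

# Print every login name in passwd-format file $1 whose UID is 0 but whose
# name is not "root". Each name printed is a second superuser account.
extra_uid0_accounts() {
    awk -F: '$0 !~ /^#/ && $3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Exit 0 if file $1 carries the execute bit for "other" users, meaning su
# has NOT been restricted to the owner and an administrators' group.
# -L follows a symlink so the real binary's mode is tested.
su_open_to_all() {
    [ -n "$(find -L "$1" -prune -perm -001 2>/dev/null)" ]
}

# Demonstration on the constructed sample, then on this host's su if any.
tmp=$(mktemp) && sample_passwd > "$tmp"
echo "UID 0 accounts other than root: $(extra_uid0_accounts "$tmp" | tr '\n' ' ')"
rm -f "$tmp"

su_path=$(command -v su 2>/dev/null) || su_path=
if [ -n "$su_path" ] && su_open_to_all "$su_path"; then
    echo "$su_path: executable by all users (not group-restricted)"
fi
```

To audit a live system, pass /etc/passwd to extra_uid0_accounts instead of the sample file.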

To provide an additional level of security, a lot of system administrators prefer to use a tool named sudo. su has three main problems: anybody with the root password can do anything they wish, commands executed as root are not logged, and it's easy to forget you have root privileges on occasion and do something stupid. sudo overcomes these problems by allowing the system administrator to specify which commands each user can run as root, logging every command run as root, and requiring that root privileges be specifically invoked for each usage.

Using sudo is relatively simple - just type sudo at the command line followed by the command you want to run as root. For example, to delete a user's account using sudo you would type

   sudo userdel johndoe

As soon as you press the Enter key the system will prompt you for your login password, rather than the root password, and execute the command with root privileges. Between you entering your password and the command actually being executed, sudo checks an access control file (usually located at /etc/sudoers) to make sure you are allowed to use sudo, and that you are allowed to execute the desired command. If the user running sudo is not in the /etc/sudoers file, the root account on the system is immediately sent an email message indicating that a possible attempt to compromise the system is under way. The format of the /etc/sudoers file is relatively simple - the default file comes with several examples of the basic functionality. For information on how to install sudo if it isn't already on your system, see the section of this Guide dealing with security.
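The logging described above can be reviewed with a short script. This is an added example, not part of the original Guide: it reads log lines modelled on sudo's default syslog record format and separates commands that ran as root from attempts sudo refused. The host name, users and log lines are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarize sudo log records. All log lines are constructed.

sample_log() {
    cat <<'EOF'
Mar  3 10:15:02 web01 sudo:  johndoe : TTY=pts/0 ; PWD=/home/johndoe ; USER=root ; COMMAND=/usr/sbin/userdel tempuser
Mar  3 10:15:02 web01 sudo: pam_unix(sudo:session): session opened for user root
Mar  3 10:17:40 web01 sudo:   guest1 : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/guest1 ; USER=root ; COMMAND=/bin/sh
Mar  3 10:20:11 web01 sudo[812]: janedoe : command not allowed ; TTY=pts/2 ; PWD=/home/janedoe ; USER=root ; COMMAND=/usr/sbin/visudo
EOF
}

# Read syslog lines on stdin; print one tab-separated record per sudo call:
#   user <TAB> allowed | denied:<reason> <TAB> command
# Lines from the sudo tag that carry no COMMAND= field (PAM session
# messages, for instance) are skipped.
sudo_events() {
    awk '
    match($0, / sudo(\[[0-9]+\])?: +/) && index($0, "COMMAND=") {
        rest = substr($0, RSTART + RLENGTH)       # text after the "sudo:" tag
        cmd  = substr(rest, index(rest, "COMMAND=") + 8)
        split(rest, part, / ; /)                  # part[1]: "user : TTY=.." or "user : reason"
        sep = index(part[1], " : ")
        if (sep == 0) next
        user = substr(part[1], 1, sep - 1)
        note = substr(part[1], sep + 3)
        status = (note ~ /^TTY=/) ? "allowed" : "denied:" note
        printf "%s\t%s\t%s\n", user, status, cmd
    }'
}

# Sorted, de-duplicated list of users whose sudo attempts were refused.
sudo_denied() {
    sudo_events | awk -F'\t' '$2 ~ /^denied:/ { print $1 }' | sort -u
}

sample_log | sudo_events
echo "users with refused attempts: $(sample_log | sudo_denied | tr '\n' ' ')"
```

On a real system, feed sudo_events the file your syslog configuration writes sudo records to instead of sample_log.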

