![]() ![]() If you find yourself typing away at an interactive root prompt for an extended period of time, then you should reconsider what you're doing and if that really requires root privileges.Īs an example, the only time that I bring up an interactive root prompt is when adding an ordinary user for myself on a freshly installed machine, or when I really have some serious issues that prevents me from even logging in as an ordinary user. one may later retrace the actions in the log file to see where (and who) did something, either for debugging or for auditing. Using sudo in this way is prefered to using sudo -s and work with an interactive root shell, because the commands that you execute are logged. Typically, one would run single commands using sudo (hence the name "superuser do"): $ sudo apt-get install vim Again, the sudo utility allows for assuming other user's identities (not just root) for interactive sessions, or for executing single commands (if the configuration has been set up this way by some other person with root permissions). One could, for example give a single user, or a whole group of users, the ability to mount a certain disk, but not to unmount it or to mount any other disks, or to install software using specific commands etc. The sudo utility requires a bit more configuration as it allows a user to execute commands as another user by using their own password (which means that a root password, for example, does not need to be shared), and it also allows for fine grained control of who is allowed to do exactly what. Su is more seldom used interactively (on the command line). This may be done in startup scripts as the system is booting. Su is commonly used by the root user (on some Unix system) to start daemons (service processes) that need to run under particular user identities to protect them from accessing areas that they shouldn't have access to (typically web servers, SSH server and the like). The older su utility is used together with the root password to assume the root identity, but may also be used to assume other users identities, or to execute single commands as them, given that you belong to the correct user group and know their passwords. As an ordinary user, you can at most delete your own files only. "Full control" includes circumventing most permission checks and to utterly mess up the system by a simple mis-typing. There are only two levels of administrator, or "super user", rights on a normal Unix system: You either have full control of everything, or you don't. This is analogous to using the sudo program.īy default on most Unices, the "administrator" account, root, is to be used only sparingly. The Clark Kent disguise doesn't really restrict him though, as he is still able to use his super powers. Root access should be used in the same fashion. ![]() Clark Kent becomes Superman for only as long as necessary, in order to save people. Using a root account is rather like being Superman an administrator's regular user is more like Clark Kent.There is an analogy in Wikipedia you can consider: This may prevent (1) unauthorized access to files of other users, (2) not-logged root actions and (3) problems caused by executing "dangerous" programs. Usually, all the users, including administrators, use a "normal" user and only execute commands as root when it is needed. Why can't you just give yourself permissions under your user name?įor security reasons, the root account is seldom used for day to day purposes. Actions in a shell, such as one initiated by su are not usually logged. all your actions are logged into the auth.log file.If you use su, you got a shell and can run inadvertently some (dangerous) programs, and you know explicitly what commands will run as the root and which others as you.you do not need to know the root password because it asks for your password,.Sudo allows you run a program as the root super user. ![]()
0 Comments
Leave a Reply. |