The Linux (actually, any Unix-based operating system) has a type of user that has unrestricted access to files and processes system: this is the user root or super-user. This article, aimed beginners, show you what the usefulness of this account and care that surround them. To do so, are discussed in the following subjects: processes and files, UID, and GID, and the commands su and sudo.
Processes and files
For a better understanding about the root user is need to understand that every file and every process (program running) of the system has an owner, or an owner that determines who can and how to use the file/process in question. Obviously, the owner has unrestricted access to your “belongings”, except when he locks a file/process against each other (yes, this it is possible to).
If you are a user of a Linux system, you can prevent the rest of the users to use their files. In the same way, there are files that can be locked to you.
In the case of files and processes connected with the functioning of the system, its owner is the natural root. This means that only he (and other users that are defined as “super the” users”) is that you can change them. The root also can act on any file or process from other users since, in the system, “he is a god”.
One of the ways to know who owns a particular file is by typing the following command at a terminal of the system:
ls -l file
Example:
ls -l /iw/abbreviationfinder.txt
Result: -rwx— 1 wester eng 1880 Feb 3 12:01 /iw/abbreviationfinder.txt
The result tells that the file in question belongs to the user wester and the group eng.
A file or a process always has an owner, but it is possible do with one or more groups of users have the same privileges about it. Thus, in the previous example, the user wester you can give unrestricted access to group eng to the file abbreviationfinder.txt.
UID and GID
Linux manages users and groups by numbers known as UID (Ube ID) and GID (Group ID). As you can see, the UID numbers are users and GID are numbers of groups. The names users and groups only serve to facilitate the human use of the computer.
A fact not yet mentioned, is that each user needs to belong to one or more groups. As each file or process belongs to a user, so this file/process belongs to the group of its owner. Thus, each file/process is associated with a UID and a GID.
The numbers for UID and GID range from 0 to 65536. Depending on the system, the threshold value may be greater. In the case of the root user, these values are always 0 (zero). So, to make a user has the same privileges as the root, it is necessary to that your GID is 0. This tells the system that the user in question is super-user.
Note: actually, there is a real UID and a Effective UID. The same occurs with the GID. The actual numbers usually are equal to the effective. The UIDs and GIDs are real used, basically, for accounting purposes, while the effective are the used to run.
The root user
As it could not leave of being, the Linux “sees” the root user as something special, as he (in fact, any user that has UID equal to 0) you can change the configuration system, configure network interfaces, manipulate users and groups, change the priorities of processes, etc.
For being so powerful, the root user is dangerous. Therefore, it should only be used in situations that can’t be worked by those who have not privileges of super user. Imagine, for example, that you are working with the root user. To meet a request for an emergency, you came out of the front of the computer without blocking it. Someone malicious realizes this and goes to his computer, deletes directories important to the system and “come out gently”. If you were using a common user, that is, a user without permissions to mess around in these directories, the one subject it would not have been able to delete them. There is still the possibility you make a mistake and put everything to lose…
The root user is so important that even his password should be well-crafted. It is recommended that it has at least 8 characters long and mix letters and numbers. In addition addition, it is recommended that you change this password at certain intervals of time (such as every 3 months) or when someone who was using the the root account will not use the computer (when the person leaves the company, for example). You can get more guidance about creation of passwords here.
Su command
You may be using the system through your user, when you realize that you will have to make a change configuration allowed only to root. A quick way and secure to do this is by the command su(substitute ube).
Type su in the terminal and the system will ask you to enter the root password. Then, you can make the modification required. When complete, just type exit or close the terminal and root privileges will be disabled again.
Note: it is also possible to use the command su to access another account. To do this, type:
su user
For example:
su wester
This feature is useful when, for example, it is necessary to to test a setting is made to a user or to a group.
To make use of the su, its user, and shall have the powers of user root at that time. However, their settings user are retained, that is, the settings set for the root user are not loaded. To do that with the current user acquires all of the configuration for the root user, you must type the command su followed by -:
su –
The sudo command
The command sudo is a feature more powerful than the su. This because, in him, it is possible to define who can use it and what commands can be executed by these users. In addition also, sudo can be configured to require the password again when the user stops using the system for a certain time, for example, for 10 minutes. The sudo configuration generally is done through the file /etc/sudoers.
The use of sudo is interesting because the user does not need to know the root password, you just need to have permission to use certain commands by the sudo. In addition, sudo allows you to record in a log file all activities carried out, something that it is very limited in the su.
Ending
The control over what users can or cannot do is one of the features that make Unix-based systems more insurance. How was it possible to note, the root user (super user or even the administrator) is the only one that can have unlimited access to system resources. As such, its use should be made only in situations that require it. For everyday tasks, you should use an ordinary user. To minimize the use of the user root, you can use the commands su and sudo.
To better understand how to deal with the root and other users, it is recommended to study the following subjects: permission of files, management of users and groups, and control processes.
