Archive for the ‘7 - Users and groups’ Category

VII – Users and groups

onsdag, juni 23rd, 2010

Linux user hierarchy is similar to that in real life. Top dog is the ‘root user’ similar to your family’s Godfather. Then you can have local admins which would correspond to the capos, the underbosses. Barely present in the food chain, lowest in rank, comes the regular user – the associates or as we call them in the street – the ‘local business men’. Needless to say they haven’t been ‘made’ and most of them never will. The root or Godfather can do pretty much anything he likes. He’s untouchable and no one to fuck with. In linux he alone can change the environmental setup and add users to the admin group etc. But with greats powers comes great responsibilities. Running your system as root user can be a dangerous thing since you are able to fuck up the system completely. Therefore it’s not recommended. There are ways to get around this dilemma though. But first let’s look at a simple task as switching user.

su – switch user

The magic word here is ’su’ – ’switch user’ and it goes something like ’su – a_user_name’. You’ll be prompted for the users password and if you’re able to crack it you’re in. One can note the ‘-’ in command ’su – a_user_name’. It’s optional but if it’s included you will also apply the environmental variables of the user when logging in to his account. If the user name is omitted like ’su -’ the system presumes you’re in for a root session and you will be logged in as such.

sudo – superuser do

As stated earlier it’s not recommended running shells in root user mode. In some linux systems you’re able to run specific commands that requires root user privileges with cmd ’sudo’. A regular user is unable to modify the file ‘/etc/passwd‘ but running ’sudo nano /etc/passwd’ will grant you the required rights. When running ’sudo’ you won’t be prompted for the root password but your own. Your authentication is valid for a couple of minutes so if you’re executing several ’sudo’ cmds in a row you probably won’t have to type you’re password for every single command.

I know what you’re thinking and I hate to admit it’s actually a valid question – “what’s the point of having restricted access to the root user magics if you can play God with the newfound ’sudo’ cmd?”. Well, you’re not able to use ’sudo’ unless the root user have given you these permissions in the first place. I have little faith in you but if you’re able to run the ’sudo’ cmd successfully, the root obviously does. Or maybe he was just looking for a cheap blow job.
Any average system should always log all ’sudo’ cmds. One way to do it is to modify the ‘/etc/sudoers‘ file. This file handles all rules to the ’sudo’ cmd. Check out this page in order to get an overview of the file and it’s rules.

sudo su

If you’re running several cmds that requires root privileges you might not want to use the sudo cmd all time but instead open up a root session. The most obvious way to do such a thing is to switch to the root user ‘su -‘. But to do that you must have the root password. If you’re not root yourself (hence, you don’t have the root password) there is another way. You can switch to a root session by running ‘sudo su -‘ which translates into “I need a root session but since I’m not the root but a somewhat authorized user I’d like to use my own password together with ’sudo’ to create that session“. So now you have a root session without knowing the root password just by typing your own password. Sweet huh? I need a drink.