if I'm already logged in as a valid
system user, why do I have to be a
superuser/root in order to modify
things that the sysadmin has already
deemed me worthy of accessing?
Who says that they have?
If you take a look at /etc/passwd
, you'll see that there are quite a few more users on your system than you think. For instance, mine looks like this:
┌─[pearson@Bragi] - [~] - [Mon Jan 03, 11:29]
└─[$]> cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/false
daemon:x:2:2:daemon:/sbin:/bin/false
mail:x:8:12:mail:/var/spool/mail:/bin/false
ftp:x:14:11:ftp:/srv/ftp:/bin/false
http:x:33:33:http:/srv/http:/bin/false
nobody:x:99:99:nobody:/:/bin/false
dbus:x:81:81:System message bus:/:/bin/false
pearson:x:1000:1000::/home/pearson:/bin/zsh
hal:x:82:82:HAL daemon:/:/bin/false
ntp:x:87:87:Network Time Protocol:/var/empty:/bin/false
avahi:x:84:84:Avahi daemon:/:/bin/false
temp:x:1001:1001::/home/temp:/bin/bash
mysql:x:89:89::/var/lib/mysql:/bin/false
mongodb:x:101:2::/var/lib/mongodb:/bin/false
usbmux:x:140:140:usbmux user:/:/sbin/nologin
kdm:x:135:135::/var/lib/kdm:/bin/false
deluge:x:125:125:Deluge user:/srv/deluge:/bin/false
Most of these are used by various daemons (programs that run without user interaction); they tend to have very limited permissions, because they don't need to do much. If they try to do something bad, either accidentally due to a software bug or intentionally because of a security exploit, they won't get far.
The bigger point is that users should only have access to what they need.
Now, if your question is, "Why do I need to type sudo
when I've already been added to sudoers
?", the answer is that sudo
runs things as root
, rather than as you. If we made all files accessible to your user directly, or you just ran as root on a normal basis, it's much easier to accidentally do Bad Things (rm -rf /*
comes to mind). Plus, it's really bad security practice to allow any application you run to do whatever it wants to your system - that's how a lot of spyware got installed on Windows machines before UAC.
Is there a GUI (Gnome, KDE) equivalent
to sudo?
gksu
, gksudo
, kdesu
, kdesudo
. It is a very good idea to get in the practice of using these for graphical applications, since they do some special finagling to prevent problems like this.
How do I log in as root
Don't. If you need a root shell, you can use sudo -s
, sudo -i
, or sudo su
.
Ubuntu ships with the root account locked, so you'll have to change the password for it to login (sudo passwd root
). After you've done that, you can lock (sudo passwd -l root
) and unlock (sudo passwd -u root
) the root account as you will. But really, keep it locked; you'll prevent a whole series of attacks that way.
and gain access to /root?!?
┌─[pearson@Bragi] - [~] - [Mon Jan 03, 11:54]
└─[$]> sudo -s
┌─[root@Bragi] - [~] - [Mon Jan 03, 11:54]
└─[$]> cd /root
But there's really no need.
Best Answer
The
mount
command takes information about current mounts from/etc/mtab
.In the past,
mtab
was a normal file re-created after every boot and updated by themount
command – so it wouldn't have arootfs /
entry simply because the rootfs is never explicitly mounted; it just always exists. (Such amtab
sometimes also has duplicate entries, or entries for filesystems that aren't mounted anymore...)Many current distros now symlink
mtab
to/proc/self/mounts
, which (like everything else in /proc) is directly generated by the kernel. Because of this, it always shows everything that is currently mounted, including bothrootfs /
and/dev/blah /
.You can use
cat /proc/self/mounts
on all distros to compare the mounts. (There also is/proc/self/mountinfo
, which uses an incompatible syntax but adds more detail.)