Linux – Understanding the Linux Root


I've been using Linux (Ubuntu) for about 2 weeks now and am still struggling with some basic concepts surrounding the root user:

  1. Some terminal operations (such as making subdirectories inside an FHS directory such as /opt) require me to prefix the command with sudo – why? I guess what I'm choking on is: if I'm already logged in as a valid system user, why do I have to be a superuser/root in order to modify things that the sysadmin has already deemed me worthy of accessing?

  2. Is there a GUI (Gnome, KDE) equivalent to sudo? Is there a way to assume a superuser role through a graphical context, rather than from inside a new shell?

  3. I can't access the /root directory logged in as myself… but I installed the system to begin with and was never asked to create a root account! How do I log in as root and gain access to /root?

Best Answer

if I'm already logged in as a valid system user, why do I have to be a superuser/root in order to modify things that the sysadmin has already deemed me worthy of accessing?

Who says that they have?

If you take a look at /etc/passwd, you'll see that there are quite a few more users on your system than you think. For instance, mine looks like this:

┌─[pearson@Bragi] - [~] - [Mon Jan 03, 11:29]
└─[$]> cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/false
daemon:x:2:2:daemon:/sbin:/bin/false
mail:x:8:12:mail:/var/spool/mail:/bin/false
ftp:x:14:11:ftp:/srv/ftp:/bin/false
http:x:33:33:http:/srv/http:/bin/false
nobody:x:99:99:nobody:/:/bin/false
dbus:x:81:81:System message bus:/:/bin/false
pearson:x:1000:1000::/home/pearson:/bin/zsh
hal:x:82:82:HAL daemon:/:/bin/false
ntp:x:87:87:Network Time Protocol:/var/empty:/bin/false
avahi:x:84:84:Avahi daemon:/:/bin/false
temp:x:1001:1001::/home/temp:/bin/bash
mysql:x:89:89::/var/lib/mysql:/bin/false
mongodb:x:101:2::/var/lib/mongodb:/bin/false
usbmux:x:140:140:usbmux user:/:/sbin/nologin
kdm:x:135:135::/var/lib/kdm:/bin/false
deluge:x:125:125:Deluge user:/srv/deluge:/bin/false

Most of these are used by various daemons (programs that run without user interaction); they tend to have very limited permissions, because they don't need to do much. If they try to do something bad, either accidentally due to a software bug or intentionally because of a security exploit, they won't get far.

The bigger point is that users should only have access to what they need.

Now, if your question is, "Why do I need to type sudo when I've already been added to sudoers?", the answer is that sudo runs things as root, rather than as you. If we made all files accessible to your user directly, or you just ran as root on a normal basis, it would be much easier to accidentally do Bad Things (rm -rf /* comes to mind). Plus, it's really bad security practice to allow any application you run to do whatever it wants to your system - that's how a lot of spyware got installed on Windows machines before UAC.

Is there a GUI (Gnome, KDE) equivalent to sudo?

gksu, gksudo, kdesu, kdesudo. It is a very good idea to get in the practice of using these for graphical applications, since they do some special finagling to prevent problems like this.

How do I log in as root

Don't. If you need a root shell, you can use sudo -s, sudo -i, or sudo su.

Ubuntu ships with the root account locked, so you'll have to change the password for it to log in (sudo passwd root). After you've done that, you can lock (sudo passwd -l root) and unlock (sudo passwd -u root) the root account as you will. But really, keep it locked; you'll prevent a whole series of attacks that way.

and gain access to /root?!?

┌─[pearson@Bragi] - [~] - [Mon Jan 03, 11:54]
└─[$]> sudo -s
┌─[root@Bragi] - [~] - [Mon Jan 03, 11:54]
└─[$]> cd /root

But there's really no need.
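
As an added example (not part of the original answer), the script below reads passwd-format lines and separates root, daemon accounts with no login shell, and ordinary users, flagging the two cases worth reviewing: a second UID 0 account and a service account left with an interactive shell. The function names, the `svcbad` entry and the UID_MIN default of 1000 are assumptions made for the example.

```shell
#!/bin/sh
# Added example: classify accounts in passwd(5)-format input.
# Fields: name:password:UID:GID:GECOS:home:shell

# Lines copied from the listing above, plus one constructed entry ("svcbad")
# showing a service account that was left with an interactive shell.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/false
http:x:33:33:http:/srv/http:/bin/false
nobody:x:99:99:nobody:/:/bin/false
pearson:x:1000:1000::/home/pearson:/bin/zsh
usbmux:x:140:140:usbmux user:/:/sbin/nologin
svcbad:x:90:90:constructed example:/var/lib/svcbad:/bin/bash
EOF
}

# classify_accounts [UID_MIN]: reads passwd lines on stdin and prints
# "<class> <name> <uid> <shell>". UID_MIN (assumed 1000, as in the listing)
# is the first UID handed to human users; see UID_MIN in /etc/login.defs.
classify_accounts() {
    awk -F: -v min="${1:-1000}" '
        $0 == "" { next }                        # skip blank lines
        NF != 7  { print "malformed", $1, "-", "-"; next }
        {
            # /bin/false and */nologin refuse interactive logins
            nologin = ($7 ~ /\/(false|nologin)$/)
            if ($3 == 0)
                # any UID 0 entry has full root privileges, whatever its name
                class = ($1 == "root") ? "root" : "uid0-alias"
            else if ($3 < min && nologin)
                class = "service"
            else if ($3 < min)
                class = "service-with-shell"     # review: daemon that can log in
            else if (nologin)
                class = "user-no-login"
            else
                class = "user"
            print class, $1, $3, $7
        }'
}

# Run against the embedded sample; on a real system use:
#   classify_accounts < /etc/passwd
sample_passwd | classify_accounts
```
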
