Ubuntu – How to wrest ownership from root or get administrator privileges


I have been using Windows since Win 3.11 and have only been on Linux/Ubuntu for about three hours. I know things are done differently on Linux and I do not expect it to be as intuitive and user-friendly as Windows, so I am prepared for a few bumps on the road.

The first thing I do when moving to a new Windows version is to install a disk imaging software, because I always manage to screw something up when familiarizing myself with a new OS and then it is nice to be able to reinstall the system in a matter of minutes rather than hours. That is also the reason why I am always very particular about keeping OS and my documents and data separated on two different partitions.

I have installed Ubuntu 64bit on a dedicated HDD with an 8GB SWAP partition, a 20GB / partition and the rest allocated to a partition I named /D-Drive for documents, data and disk images. After installation, I installed an application called Partition Image from the Software Center and then I hit a brick wall!

The problem is that I cannot access my D-Drive, because for some reason that belongs to root and I cannot run Partition Image, because for some reason it also belongs to root (I did not download it as root). In Windows 7, I would just right-click and 'Run as Administrator' or give my user account administrator privileges, but I have not been able to figure out how to do either in Ubuntu.

How do I get around this annoying root issue and take ownership of my PC? Can I give my user account root rights or can I take over the root account as my primary login?

Please remember that I do not know anything about Linux yet, so I need a step-by-step description.

Best Answer

You probably need to change /D-drive's ownership, and might need to change its permissions. Specifically what you'll need to do depends on exactly what you're trying to accomplish:

  • If you want to use a partition mounted as /D-drive for one user (who is not root) to store data, just non-recursively take ownership of the mount point (do this while the drive is mounted).

    sudo chown $USER:$USER

    (If you're not logged in as the user who you want to give this ability, you must replace each instance of $USER with the username. Otherwise, that command can be run verbatim, as the $USER environment variable expands to the current user's username.)

    The reason to run chown without the -R flag (i.e., nonrecursively) is:

    1. Presumably you haven't put any files in /D-drive, so you don't need to change the ownership on files inside it. Once the ownership is properly set, you'll be able to put files in it, files created there will have those default permissions, and files moved or copied there will (usually) have the permissions of the originals.
    2. /D-drive will start out containing a folder called lost+found. This folder should remain where it is, nobody but root should be able to delete it, and nobody but root should be able to look inside it. This is used to store data recovered when fsck is run (which can happen either automatically or manually). Potentially any files (or parts of any files) could end up inside it. You might, at some point, want to create some files that some user cannot read. So lost+found should keep its default ownership and permissions.
  • If you want multiple users to be able to create, delete, and modify files inside /D-drive, including files written by other such users, then you should:

    1. Create a group.
    2. Put users who you want to have this ability into the group.
    3. Make this new group the group-owner of /D-drive.
    4. Set permissions on /D-drive so that:
      • Members of this new group have full control over it.
      • By default, any file created in it will be group-owned by this new group, rather than by its creator's primary group. (The setgid bit has this effect, when applied to directories.)

    Supposing you've decided to call this group team-d, here are the commands to do all this:

    1. sudo groupadd team-d
    2. sudo usermod -a -G team-d username (run this for each user you want in the group)
    3. sudo chgrp team-d /D-drive
    4. sudo chmod g+rws /D-drive
  • If you want multiple users to be able to put their files into /D-drive, and to be able to modify and delete them, but not to have that same ability with respect to each other's files, then you should:

    1. Create a group.
    2. Put users who you want to be able to store files in /D-drive in the new group.
    3. Make this new group the group-owner of D-drive.
    4. Set permissions on D-drive so that:
      • Members of the new group can access it, see what's inside, and create their own files there.
      • Members of the new group cannot rename or delete files created by other members of the group (that is, make it a sticky directory).

    Calling the group team-d as before, here are the commands to accomplish this:

    1. sudo groupadd team-d
    2. sudo usermod -a -G team-d username (run this for each user you want in the group)
    3. sudo chgrp team-d /D-drive
    4. sudo chmod +t /D-drive && sudo chmod g+rwx /D-drive
  • You probably do not want all users to be able to put files in /D-drive, since this would include user accounts that don't represent real people and exist only so that certain system services can be run with reduced abilities (for security reasons). If you look in the file /etc/passwd, you'll see users like mail, www-data, and backup.

    However, if you insist on allowing all users to access this directory (but not letting them rename or delete each other's files), you can do this by giving write permission to "others" (rather then owner or group-owner) and making it a sticky directory:

    sudo chmod o+rwxt /D-drive
Related Question