Fedora – How does the administrator/root/superuser work in Linux

Tags: fedora, root

We were taught Windows when I was in school. I then opted for a Bachelor course in Computer Engineering where we were made to use Linux instead of Windows. They never taught the basics of Linux and directly started teaching programming. It was not that difficult for me because I was somewhat familiar with Linux. But I still have some doubts about the administrator or root or superuser system in Linux. My question comprises several different sub-questions. So here it goes:

  1. I know that # (hash) in the terminal prompt means that one is operating as a superuser and $ (dollar) means that one is not. But even though my account is an Administrator account I don't see # on my terminal prompt. Instead I have to log in using the su command to have Administrative rights. Why is that?

  2. Are the terms Administrator, root and superuser the same? I'm confused because in Windows, there is just one term, Administrator, and if your account is an Admin account, then you are basically logged in with Admin privileges all the time, i.e. one doesn't have to explicitly log in as an Admin, unlike in Linux.

  3. We have Ubuntu installed on our college computers, where if you have to log in as admin, you type in su and it then prompts for a password, where you have to enter your current account password to become the superuser. But I didn't like the Ubuntu design, so I switched to Fedora and installed it on my laptop, where the installation asked me for two passwords, one for my normal account (which has admin rights) and the other for the 'root' user. So does that mean whenever I have to log in as an admin using my normal account, I have to log in with my 'root' password instead of my normal password? And if that's the case, why did the software ask for my normal password if it won't give me the admin rights directly?

EDIT:

Can someone explain the admin system in Linux to me? What is root? Why do I not have admin rights despite being an admin?

Best Answer

Every account on a Unix/Linux system has a numeric identifier, the "user ID" or UID. By convention, UID 0 (zero) is named "root", and is given special privileges (generally, the permission to access anything on the system).

You could just log in as the root user directly, if you have the root password. However, it's generally considered bad practice to do so.

For one thing, it's often the case that Unix/Linux gives you plenty of room to shoot yourself in the foot with no safety — there are many typos and accidents from which the easiest recovery is to do a complete reinstall and/or restore from backup. So, having to actually switch to root when you need to keeps you from accidentally doing something you didn't mean to.

It also helps limit the spread of malware. If your web browser is running under UID 0 — "as root", we say — then a programming bug could be exploited by remote websites to take complete control over your computer. Keeping to a "regular" user account limits that damage.

Both of these follow a general best practice called "the principle of least privilege" — which, honestly, is a good thing to follow in system design in general. You can read more in specific about reasons to not always run as root under "Concern about logging in as root overrated?"

Now, that leaves the question of how you can get access to protected things as a non-root user. There are two basic ways — su and sudo. The first requires the root password, and the second, in usual configuration, requires your password. It's often the case that you use sudo to run a single command "as root", rather than switching to the root account for a whole session. (You can also do this with su -c, something you will often see in documentation.) For a long discussion of the relative merits of these, see "Which is the safest way to get root privileges: sudo, su or login?" (And, for completeness, there are other mechanisms which aren't sudo but work in the same way, like PackageKit, usually used for GUI applications.)

You ask whether the terms "root", "superuser", and "administrator" are the same. "Root" and "superuser" basically are. To be precise, one might say: "The root account is the superuser, because it has UID 0."

"Administrator" could mean the same thing, but in Fedora, we* use it in a slightly different way. Not every user on the system has the power to get root privileges via sudo. In Fedora in the default setup, members of the group wheel can do this. And, in the installer and in the documentation and other places, we call this an "administrator account". One that isn't root, but has the power to access root privileges.

(Oh, and one final thing: that # vs $ in your prompt is just a visual convention and isn't definitive. You can change the environment variable PS1 to make the prompt do all sorts of things.)

* I work on Fedora.
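The distinction drawn in the answer above (superuser = UID 0, administrator = member of the wheel group, everyone else = regular) can be checked against the account databases instead of the prompt character. The script below is an added example, not part of the original answer: the function names `classify_accounts` and `role_of` and all sample accounts are hypothetical, and it assumes the Fedora default of wheel as the sudo-enabled group (actual sudo rights depend on the sudoers configuration).

```shell
#!/bin/sh
# Added example. The passwd/group text below is constructed sample data;
# on a real system pass "$(cat /etc/passwd)" and "$(cat /etc/group)".
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
toor:x:0:0:second UID 0 account:/root:/bin/sh
carol:x:1002:10:Carol:/home/carol:/bin/bash'

SAMPLE_GROUP='root:x:0:
wheel:x:10:alice
alice:x:1000:
bob:x:1001:'

# classify_accounts PASSWD_TEXT GROUP_TEXT [ADMIN_GROUP]  (hypothetical helper)
# Prints "<name> <role>" per account:
#   superuser      UID is 0, whatever the account is called
#   administrator  member of ADMIN_GROUP (default: wheel), either listed in
#                  the group entry or having it as primary GID
#   regular        everything else
classify_accounts() {
    {
        printf '%s\n' "$2"      # group entries first, so membership is known
        printf '%s\n' '--'      # separator between the two inputs
        printf '%s\n' "$1"      # then passwd entries
    } | awk -F: -v g="${3:-wheel}" '
        $0 == "--" { in_passwd = 1; next }
        !in_passwd {
            if ($1 == g) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) admin[m[i]] = 1
            }
            next
        }
        NF < 4 { next }         # skip blank or malformed lines
        {
            if ($3 ~ /^[0-9]+$/ && $3 + 0 == 0) role = "superuser"
            else if (($1 in admin) || (gid != "" && $4 == gid)) role = "administrator"
            else role = "regular"
            print $1, role
        }'
}

# role_of PASSWD_TEXT GROUP_TEXT NAME: role of a single account
role_of() {
    classify_accounts "$1" "$2" | awk -v u="$3" '$1 == u { print $2 }'
}

classify_accounts "$SAMPLE_PASSWD" "$SAMPLE_GROUP"
```

In the sample, toor is reported as a superuser even though it is not named root, and carol is an administrator through her primary GID although she is not listed in the wheel entry.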
