LFCS - Root Permissions

Jarret B

Understanding and using Root permissions is part of working with any Linux system, as well as the LFCS exam.
Root permissions allow you to perform any function on a Linux system. They are what someone using Windows would call Administrative privileges.
There are two ways to perform commands with Root permissions:
  1. su
  2. sudo
SU

The su command allows you to switch User accounts within the Terminal. There are a few items to consider when using su to switch to the Root account, but let’s first learn how to use the command.
The command is basically the following:

su <username>

After specifying the username of the account you want to use in the Terminal, you must type in the password for the new account. With no other parameters for the command, you will retain the current environment of the previous user. The main environment setting retained is the current working directory. If I am logged in as me and switch users, then the current working directory does not change. For instance, let’s assume I am logged in and currently in my Home folder. If I switch users with no parameters, then I would remain in my Home folder. You can see this in Figure 1.

FIGURE 1


You can see that under my user account (jarret) the Home folder was signified as ‘~’ and after switching users it became ‘home/jarret’.

NOTE: After switching users you can log out of the current user and return to the original account by entering ‘exit’.

Any environment settings made by the initial user account will remain. For example, we can create a test session variable called ‘A’ and assign it a value such as ‘11’. First, in a terminal type the command ‘echo $A’ and a blank line should be returned.

NOTE: If you get a value back from the command, pick a different variable and test it to make sure it has no value. Then use that variable for the remainder of the examples where the variable ‘A’ is used.

Now we can assign a value to the variable with the command ‘export A=55’. We can verify the value has been set by issuing the command ‘echo $A’ again. A value of ‘55’ should be returned if you used my example.
Now you can switch users and then issue the ‘echo $A’ again as the new user. The response should be the same as before. If you are in another’s Home folder you should not be able to perform commands on the files because of a lack of permissions.
If we wish to switch users and get a new environment we use a dash (-) before the username as follows:

su - <username>

NOTE: Do NOT place the dash after the username. This will cause an error:

bash: cannot set terminal process group (-1): Inappropriate ioctl for device
bash: no job control in this shell


Now log in as another user with the dash, placing the username at the end and making sure there is a space between the dash and the username. If you execute the ‘echo $A’ command you should get a blank line returned. Type ‘exit’ to go back to the original user and re-issue the ‘echo $A’ command. The value you set should be shown.
Another point is that when you switch users with the dash, the current working directory is not retained either, as shown in Figure 2.

FIGURE 2


I ran the Present Working Directory (pwd) command to show that the folder has changed as well as the echo command to see the variable ‘A’.
If no username is specified then the Root account is accepted as default. The dash (-) works here as well to change the environment. You must, of course, use the ‘sudo’ command before the ‘su’ command.

SUDO

Any user who wants to execute commands with Root privileges must be a member of the proper group.
On a Red Hat system the group is called ‘wheel’. On Debian-based systems the group is called ‘root’. If you are not part of the group and you try to issue a command with Root privileges, you should see something similar to the following:

<username> is not in the sudoers file. This incident will be reported.

To fix this error you need to add the user to the appropriate group for your distro.
To run a single command with Root privileges precede the command with ‘sudo’. You should be prompted for the password of your account. You do not need the actual Root password since your account is in the sudoers group for your distro.

NOTE: You can issue other sudo commands without needing to re-enter the password for five minutes. Once you enter the password you have five minutes before you must enter it again when a sudo command is used.

The sudoers file can be edited with the command:

sudo visudo

You may see lines within the file that are similar to:

root ALL=(ALL:ALL) ALL

This line means that the Root user, even when logged in as a different user (with su or sudo), is able to run commands as all users or groups. All commands are allowed. The general format of a line is:

Host Host-system=(user:group) commands

The Host is the user account being used, such as Root. Host-system is the system on which the Host can run the specified commands. User is the user whose privileges the given commands run with. Group is the group the commands can run as. The commands are the specific commands which can be run by the Host with the specified privileges.
For example, let’s say we have a user named ‘sysadmin’ which needs to run gparted (/usr/sbin/gparted) as root on the Server called DRVServer. The line would be:

sysadmin DRVServer=(root:root) /usr/sbin/gparted

NOTE: Multiple Host-systems can be specified by separating them with commas.
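
The line format described above can be checked mechanically when reviewing who holds which grants. The following is an added example, not part of the original post: the function names parse_spec and audit_sudoers are hypothetical, the sample text is constructed, and only single-line entries in the format shown above are handled (no aliases or line continuations).

```shell
#!/bin/sh
# Split one sudoers entry into: who|hosts|runas_user|runas_group|commands
parse_spec() {
    printf '%s\n' "$1" | awk '{
        who = $1
        rest = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", rest)   # drop the leading user/group field
        eq = index(rest, "=")
        if (eq == 0) exit 1                      # no "=": not a grant line
        hosts = substr(rest, 1, eq - 1); gsub(/[ \t]/, "", hosts)
        rest = substr(rest, eq + 1); sub(/^[ \t]+/, "", rest)
        ru = "root"; rg = ""                     # sudo runs as root when (user:group) is omitted
        if (substr(rest, 1, 1) == "(") {
            rp = index(rest, ")")
            if (rp == 0) exit 1                  # unbalanced parenthesis
            n = split(substr(rest, 2, rp - 2), r, ":")
            ru = r[1]; rg = (n > 1 ? r[2] : "")
            rest = substr(rest, rp + 1); sub(/^[ \t]+/, "", rest)
        }
        print who "|" hosts "|" ru "|" rg "|" rest
    }'
}

# Read sudoers text on stdin; report unrestricted grants (ALL commands)
# separately from grants limited to specific command paths.
audit_sudoers() {
    while IFS= read -r line; do
        case $line in
            ''|'#'*|Defaults*|*_Alias*) continue ;;   # comments, settings, aliases
        esac
        spec=$(parse_spec "$line") || continue
        IFS='|' read -r who hosts ru rg cmds <<EOF
$spec
EOF
        case $cmds in
            ALL) echo "BROAD $who: any command as $ru on $hosts" ;;
            *)   echo "SCOPED $who: $cmds as $ru on $hosts" ;;
        esac
    done
}

# Constructed sample input (not taken from a real system).
SAMPLE='# constructed sample
root ALL=(ALL:ALL) ALL
%wheel ALL=(ALL) ALL
sysadmin DRVServer=(root:root) /usr/sbin/gparted
Defaults env_reset'

printf '%s\n' "$SAMPLE" | audit_sudoers
```
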

All Together

If you switch users to another account and perform commands they will be issued with the rights of the new user. New files will be created with the current user set as the owner.
If you switch users to Root or use the sudo command to create a file then the owner of the file is Root.
Be aware of which user you are using and what permissions you have at the time. If you require Root privileges and you use the sudo command, you will use your own password. The actual Root password should not be shared with users. If they have Root or wheel permissions then they can perform commands with Root permissions using their own password.
Understand how these concepts work not only on a single system but also in a networked environment. Practice switching users and performing commands to see how the environment can change.
Using sudo can be a very common task in everyday Linux usage.
 
