Logging In as root


As you probably already know, the root account on a Unix system can do literally anything. This is the administrator's special account, and you had to set a password for it during the system install.

Code listing 3.1. Using su to become root.
 [chrish@dhcppc2 chrish]$ id
 uid=500(chrish) gid=500(chrish) groups=500(chrish)
 [chrish@dhcppc2 chrish]$ su -
 Password:
 [root@dhcppc2 root]# id
 uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
 [root@dhcppc2 root]# exit
 logout
 [chrish@dhcppc2 chrish]$ id
 uid=500(chrish) gid=500(chrish) groups=500(chrish)

When you're modifying system-configuration files, mounting new file systems, or backing up the home directories of your users, you're going to need to be logged in as root.

Unfortunately, being logged in as root is a security problem. If you leave a root shell open on your desktop, anyone stopping by your desk can destroy your machine in seconds, or install software that captures login names and passwords. It's also easy to accidentally delete important files or directories.

To start a root shell with su

1. su -

The su command (substitute user) lets you quickly switch to another account, usually root (Code Listing 3.1), without logging out of your current account. This is handy if you have several tasks that need to be completed as root, because it starts a new root shell that exists until you exit.

2. Type the root password at the Password prompt, then press Enter.

Being able to just pop into the root account by typing two characters wouldn't be good for system security, so you also need to know root's password.

3. Do the work that needs to be done as root, such as editing files in /etc.

4. Type exit, then press Enter.

Since the root shell created by su remains until you exit, it's important to remember this step. Without it, you're leaving a root shell open on your desktop.

Code listing 3.2. Using su to become a specific user.
 [root@dhcppc2 root]# id
 uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
 [root@dhcppc2 root]# su - chrish
 [chrish@dhcppc2 chrish]$ id
 uid=500(chrish) gid=500(chrish) groups=500(chrish)
 [chrish@dhcppc2 chrish]$ exit
 logout
 [root@dhcppc2 root]#

Tips

  • Instead of using the exit command to end a shell session, you can almost always press Ctrl-D.

  • You can specify a user name on the su command line (Code Listing 3.2) to act as that user instead of root. If you're logged in as root, you don't need to enter a password.

  • Use the id command to see your current user ID and group ID, as well as the list of groups you belong to (Code Listing 3.1).


To run a single command as root with sudo

1. sudo command

The sudo command ("su do," but usually pronounced like "pseudo") runs a single command as the root user (Code Listing 3.3).

Code listing 3.3. Using sudo to run a command as root.
 [chrish@dhcppc2 chrish]$ id
 uid=500(chrish) gid=500(chrish) groups=500(chrish)
 [chrish@dhcppc2 chrish]$ sudo id
 Password:
 uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
 [chrish@dhcppc2 chrish]$ id
 uid=500(chrish) gid=500(chrish) groups=500(chrish)

2. Type your password at the Password prompt, then press Enter.

Why is typing your own password enough security to give you access to root's powers? Because root had to add you to the /etc/sudoers file with appropriate permissions. If you're not in this file, you can't use sudo.

Tips

  • You can specify a user name on the sudo command line with the -u option (Code Listing 3.4) to run the command as that user instead of root.

    Code listing 3.4. Using sudo to run a command as a specific user.
     [root@dhcppc2 root]# id
     uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
     [root@dhcppc2 root]# sudo -u chrish id
     uid=500(chrish) gid=500(chrish) groups=500(chrish)
     [root@dhcppc2 root]# id
     uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)

  • To add a user to the /etc/sudoers file, log in as root, then use your favorite text editor to add a line like this to the file (replace userid with the user's login name):

     userid ALL=(ALL) ALL 

  • To add an entire group to the /etc/sudoers file, log in as root, then use your favorite text editor to add a line like this to the file (replace groupid with the group's name):

     %groupid ALL=(ALL) ALL 
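
An audit for the blanket grants shown in the two tips above, as an added example that is not part of the original book. The audit_sudoers function and the sample file contents are constructed for illustration, and the parser assumes one rule per line with no aliases or backslash continuations.

```shell
#!/bin/sh
# Added example: flag sudoers rules that grant every command on every host,
# i.e. lines shaped like "userid ALL=(ALL) ALL" or "%groupid ALL=(ALL) ALL".
# Assumptions: one rule per line, aliases are not expanded, and only the
# first "host=(runas) commands" spec on a line is examined.

audit_sudoers() {
    # Reads sudoers text on stdin; prints "<kind> <name> all-commands nopasswd=<yes|no>".
    awk '
        /^[ \t]*$/    { next }                      # blank lines
        /^[ \t]*[#@]/ { next }                      # comments and include directives
        $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next } # settings and alias definitions
        {
            who = $1
            rest = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", rest)   # drop the "who" field
            eq = index(rest, "=")
            if (eq == 0) next
            host = substr(rest, 1, eq - 1)
            spec = substr(rest, eq + 1)
            gsub(/[ \t]/, "", host)
            sub(/^[ \t]*\([^)]*\)[ \t]*/, "", spec) # drop the "(runas)" part
            nopass = (spec ~ /NOPASSWD:/) ? "yes" : "no"
            gsub(/[A-Z_]+:[ \t]*/, "", spec)        # drop tags such as NOPASSWD:
            gsub(/[ \t]+$/, "", spec)
            if (host == "ALL" && spec == "ALL") {
                kind = (who ~ /^%/) ? "group" : "user"
                sub(/^%/, "", who)
                printf "%s %s all-commands nopasswd=%s\n", kind, who, nopass
            }
        }
    '
}

# Constructed sample contents, not taken from a real system.
SAMPLE_SUDOERS='# constructed sample sudoers file
Defaults env_reset
root    ALL=(ALL) ALL
chrish  ALL=(ALL) ALL
%wheel  ALL=(ALL) NOPASSWD: ALL
backup  ALL=(root) /usr/bin/rsync
'

printf '%s' "$SAMPLE_SUDOERS" | audit_sudoers
```

Run it as root against the real file with `audit_sudoers < /etc/sudoers`; `visudo -c -f FILE` checks an edited file's syntax before it is installed.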


To switch to single-user mode

Single-user mode shuts down most services and prevents other users from logging in to the system. This is great for doing system maintenance without worrying about destroying other people's work or corrupting the file system.

Watch out, though. If you switch to single-user mode from a remote session (telnet or ssh, for example), you'll be kicked off the system, too, because the Internet services will be shut down.

1. Tell the system to switch to single-user mode by doing one of the following:

  • If you're using Fedora Core (Figure 3.1):

     telinit 1 

    Figure 3.1. Switching Fedora Core to single-user mode.


  • If you're using FreeBSD (Figure 3.2):

     shutdown now 

    Figure 3.2. Switching FreeBSD to single-user mode.


The system shuts down everything except for the basic services, kicks off any users, and leaves you with a basic shell session (Figure 3.3).

Figure 3.3. Single-user mode (Fedora Core).


2. Perform your system maintenance, such as running file-system checks or updating the kernel.

3. Reboot the system by doing one of the following:

  • If you're using Fedora Core:

     telinit 6 

  • If you're using FreeBSD:

     shutdown -r now 

The system reboots in all of its normal multiuser glory.



    Unix Advanced: Visual QuickPro Guide
    ISBN: 0321205499
    EAN: 2147483647
    Year: 2003
    Pages: 116
