14.2. Becoming the Super-UserThe super-user is a special user ID (0) that has permission to do practically anything on a Linux system. Because of this, you can see how important it is for not "just anyone" to have this access, especially anyone with any malicious intentions. Most administration tasks require that you have super-user powers, and there are three common ways to get them:
Although the first method is very direct, there are some dangers associated with it. If you log in as "root," every single command that you execute will have super-user privilegeseven the ones with errors in them. Imagine typing "rm -r * .bak" instead of "rm -r *.bak" while in the "/" directory! Because of this, I strongly recommend that you avoid this method. Most distributions of Linux will actually ask you if you mean to login as "root" or put up a warning (like a red background) if you attempt to do so. 14.2.1. Using suA major advantage of using the su command (described in Chapter 4, "GNU Utilities for Power Users" on page 147) is that it logs who uses it and when. In an environment with more than one system administrator, it is sometimes hard to make sure the super-user password is given only to those who really need it. Having a log to examine helps you see who is using root privileges. 14.2.2. Using sudoAn alternative method of becoming the super-user available in most Linux systems is the sudo command, which works like this:
The advantages of sudo over su are many. sudo simplifies the process of becoming the super-user when you need to and so encourages you not to be super-user when you don't need it. It also provides more configurable access to root privileges. Those needing super-user access do not need to know the root password and, if necessary, can take away someone's super-user rights without having to change the root password. The only real disadvantage is that now your system can be compromised not only by someone obtaining the root password but also by someone obtaining the password of any of the users listed in the /etc/sudoers file. So if you choose to use sudo, you must be sure those who will be listed protect their own passwords as judiciously as they would the root password. |