Working As Root | Ubuntu Unleashed 2011 Edition: Covering 10.10 and 11.04 (6th Edition)

The root, or super-user account, is a special account and user on UNIX and Linux systems. Super-user permissions are required in part because of the restrictive file permissions assigned to important system configuration files. You will need root permission to edit these files or to access or modify certain devices (such as hard drives). When logged in as root, you have total control over your system, which can be dangerous.

Note

As discussed earlier in the chapter, Ubuntu differs from other Linux distributions in that it allows normal users to work as the system administrator (or super user) when they require, by making use of the sudo command. Using the sudo command temporarily gives you super-user powers in order to carry out whatever command it is you have requested. However, before the command is executed you will be prompted for your password to make sure you want to carry it out. This level of protection will help save you from unwittingly destroying your Ubuntu system!

However there may be instances where you want to work in a root shell, or even enable the root account itself. To work in a root shell simply enter the command sudo -i to get the familiar # prompt, or enter sudo passwd root to allow you to create a password for the root account and therefore enable log in access for root.

When you work in root, you have the ability to destroy a running system with a simple invocation of the rm command like this:

$ sudo rm -fr /

This command line not only deletes files and directories, but also could wipe out file systems on other partitions and even remote computers. This alone is reason enough to take precautions when using root access.

The only time you should run Linux as the super-user is when booting to runlevel 1, or system maintenance mode, to configure the file system, for example, or to repair or maintain the system. Logging in and using Linux as the root operator isn't a good idea because it defeats the entire concept of file permissions.

Knowing how to run commands as root without logging in as root can help avoid serious missteps when configuring your system. Linux comes with a command named sudo that allows you to run one or more commands as root and then quickly return you to normal user status. For example, if you would like to edit your system's file system table (a simple text file that describes local or remote storage devices, their type, and location), you can use the sudo command like this:

$ sudo nano -w /etc/fstab Password:

After you press Enter, you will be prompted for a password that gives you access to root. This extra step can also help you "think before you leap" into the command. Enter the root password, and you will then be editing /etc/fstab using the nano editor with line wrapping disabled.

Caution

Before editing any important system or software service configuration file, make a backup copy. Then make sure to launch your text editor with line wrapping disabled. If you edit a configuration file without disabling line wrapping, you could insert spurious carriage returns and line feeds into its contents, causing the configured service to fail when restarting. By convention, nearly all configuration files are formatted for 80-character text width, but this is not always the case. By default, the vi and emacs editors don't use line wrap.

You can use sudo to assign specific users permission to perform specific tasks (similar to BSD UNIX and its "wheel" group of users). The sudo command works by first examining the file named sudoers under the /etc directory; you modify this file with the visudo command. See the section "Granting Root Privileges on OccasionThe sudo Command" in Chapter 14, "Managing Users," for details on how to configure and use sudo.

Creating Users

When a Linux system administrator creates a user, an entry in /etc/passwd for the user is created. The system also creates a directory, labeled with the user's username, in the /home directory. For example, if you create a user named bernice, the user's home directory is /home/bernice.

Note

In this chapter, you learn how to manage users from the command line. See Chapter 14 for more information on user administration with Ubuntu using graphical administration utilities.

Use the useradd command, along with a user's name to quickly create a user:

$ sudo useradd andrew

After creating the user, you must also create the user's initial password with the passwd command:

$ sudo passwd andrew Changing password for user andrew. New password: Retype new password: passwd: all authentication tokens updated successfully.

Enter the new password twice. If you do not create an initial password for a new user, the user will not be able to log in.

You can view useradd's default new user settings by using the command and its -D option like this:

$ sudo useradd -D GROUP=100 HOME=/home INACTIVE=-1 EXPIRE= SHELL=/bin/bash SKEL=/etc/skel

These options display the default group ID, home directory, account and password policy (active forever with no password expiration), the default shell, and the directory containing defaults for the shell.

The useradd command has many different command-line options. The command can be used to set policies and dates for the new user's password, assign a login shell, assign group membership, and other aspects of a user's account.

Deleting Users

Use the userdel command to delete users from your system. This command removes a user's entry in the system's /etc/passwd file. You should also use the command's -r option to remove all the user's files and directories (such as the user's mail spool file under /var/spool/mail):

$ sudo userdel -r winky

If you do not use the -r option, you have to manually delete the user's directory under /home, along with the user's /var/spool/mail queue.

Shutting Down the System

Use the shutdown command to shut down your system. The shutdown command has a number of different command-line options (such as shutting down at a predetermined time), but the fastest way to cleanly shut down Linux is to use the -h or halt option, followed by the word now or the numeral zero (0), like this:

$ sudo shutdown -h now

$ sudo shutdown -h 0

To incorporate a timed shutdown and a pertinent message to all active users, use shutdown's time and message options, like so:

$ sudo shutdown -h 18:30 "System is going down for maintenance this evening"

This example shuts down your system and provides a warning to all active users 15 minutes before the shutdown (or reboot). Shutting down a running server can be considered drastic, especially if there are active users or exchanges of important data occurring (such as a backup in progress). One good approach is to warn users ahead of time. This can be done by editing the system Message of the Day (MOTD) motd file, which displays a message to users after login. To create your custom MOTD, use a text editor and change the contents of /etc/motd. You can also make downtimes part of a regular schedule, perhaps to coincide with security audits, software updates, or hardware maintenance.

You should shut down Ubuntu only for a few very specific reasons:

You are not using the computer and want to conserve electrical power.
You need to perform system maintenance that requires any or all system services to be stopped.
You want to replace integral hardware.

Tip

Do not shut down your computer if you suspect that one or more intruders has infiltrated your system; instead, disconnect the machine from any or all networks and make a backup copy of your hard drives. You might want to also keep the machine running to examine the contents of memory and to examine system logs. See Chapter 18 and the section "Securing Your Network" on how to protect and monitor a network-connected system.

Rebooting the System

You should also use the shutdown command to reboot your system. The fastest way to cleanly reboot Linux is to use the -r option, and the word now or the numeral zero (0) :

# shutdown -r now

# shutdown -r 0

Rebooting or shutting down can both have dire consequences if performed at the wrong time (such as during backups or critical file transfers, which arouse the ire of your system's users). However, Linux-based operating systems are designed to properly stop active system services in an orderly fashion. Other commands you can use to shut down and reboot Linux are the halt and reboot commands, but the shutdown command is more flexible.

Related Ubuntu and Linux Commands

The following programs and built-in shell commands are commonly used when working at the command line. These commands are organized by category to help you understand the command's purpose. If you need to find full information for using the command, you can find that information under the command's man page.

Managing users and groups chage, chfn, chsh, edquota, gpasswd, groupadd, groupdel, groupmod, groups, mkpasswd, newgrp, newusers, passwd, umask, useradd, userdel, usermod
Managing files and file systems cat, cd, chattr, chmod, chown, compress, cp, dd, fdisk, find, gzip, ln, mkdir, mksfs, mount, mv, rm, rmdir, rpm, sort, swapon, swapoff, tar, touch, umount, uncompress, uniq, unzip, zip
Managing running programs bg, fg, kill, killall, nice, ps, pstree, renice, top, watch
Getting information apropos, cal, cat, cmp, date, diff, df, dir, dmesg, du, env, file, free, grep, head, info, last, less, locate, ls, lsattr, man, more, pinfo, ps, pwd, stat, strings, tac, tail, top, uname, uptime, vdir, vmstat, w, wc, whatis, whereis, which, who, whoami
Console text editors ed, jed, joe, mcedit, nano, red, sed, vim
Console Internet and network commands bing, elm, ftp, host, hostname, ifconfig, links, lynx, mail, mutt, ncftp, netconfig, netstat, pine, ping, pump, rdate, route, scp, sftp, ssh, tcpdump, TRaceroute, whois, wire-test