SUSE Linux Access Permissions | Beginning SUSE Linux: From Novice to Professional

As I've mentioned in earlier chapters, SUSE Linux has the root user and ordinary user types of accounts. By using the ordinary user account for your day-to-day work, you help keep your system secure.

Root and Ordinary Users

The root user account has power over the entire system, which is to say that it can read, write, or delete any file. This user is akin to the Administrator account under Windows XP, and you should be very careful when deploying this account because the potential for damage is high.

Then there is the ordinary user account, which is limited in what it can do. This type of user is limited to saving files in his or her own directory within the /home/ directory (although the system is usually configured so that an ordinary user can read files outside the /home/ direc-tory, too). A day-to-day user of SUSE Linux cannot delete files other than those that he created or for which he has explicitly been given permission to modify by someone else, as shown in the example in Figure 9-2. This is the type of user account that you should have set up during installation (as described in Chapter 5) and that you should use every day.

image from book
Figure 9-2. As a limited user, you cannot delete files outside your personal area.

Within SUSE Linux, only the root user has permission to access all the hardware or the entire file system, for instance. As an ordinary user, you're also limited in what hardware you can use and which settings you can alter. Again, only the root user has complete control over the system. It's practically impossible for ordinary users to do much damage, even if they (or a virus they accidentally download) try their hardest to do so.

Note

Along with the root and ordinary user accounts, there is a third type of SUSE Linux account, which is similar to a limited user account, except that it's used by the system for various tasks. These user accounts are usually invisible to ordinary users and work in the background. For example, the audio subsystem has its own user account that SUSE Linux uses to access the audio hardware. The concept of users and files is discussed in more depth in Chapter 15.

This means that you, as an ordinary user, have very few permissions within the system. This isn't much of an issue during day-to-day use. You can run programs and save your files in your private area on the hard disk, but that's about the limit of your powers.

Temporary Root User Access

To install most software, you need to be able to write files to areas outside your private area, so you need to temporarily become the root user. With SUSE Linux, this is easy to do by clicking the Administrator Mode button within YaST2. Also, usually when you attempt to perform an action that requires root privileges, a dialog box will pop up automatically, as shown in Figure 9-3.

image from book
Figure 9-3. Usually, if you attempt an action that needs root privileges, you will automatically be prompted for the root user password.

You should be careful where and how you use the root password. Once it has been entered, such as to allow a particular program to run, that program then has effective control over your system. If you enter the root password to allow a program to install, for example, that program has access to your entire system and can do what it wants. If it is malicious, there is a clear possibility for damage.

Note

You will usually be asked for the root password when you're making changes that affect the entire system and all the users on it. Configuring hardware will always require a root password, because it affects the entire system. Installing software requires a root password because, in many cases, it will be made available to all users on the system. On the other hand, changing your desktop wallpaper will affect only your user account, so no root password is required.