LinuxQuestions.org
Old 03-23-2006, 02:29 AM   #1
tofee
Member
 
Registered: Mar 2006
Posts: 41

Rep: Reputation: 15
concept behind Superuser / su command ?


Hi,

What is the concept behind superuser?

I would like to clear up my concept of using the su command. Why and when do we use this command?

What permissions/differences between permissions are derived in the case of a user and a superuser?

Thanks.
 
Old 03-23-2006, 02:41 AM   #2
ghost_raf
LQ Newbie
 
Registered: May 2005
Location: South Africa
Distribution: suse 9.2 + mandrake 10.1
Posts: 13

Rep: Reputation: 0
"Superuser" or root has access to all files on the system. You can mess up anything when you are logged on as root. So basically you only want to use su when necessary; otherwise work in a normal account.
 
Old 03-23-2006, 02:48 AM   #3
Haiyadragon
Member
 
Registered: Sep 2003
Location: Gorredijk, Netherlands
Distribution: Arch Linux
Posts: 400

Rep: Reputation: 30
Basically a superuser can set permissions for any file on your system. And thus he can read and write to any file on the system. A normal user can read most files on the system, but can only write to the files assigned to him. Mostly that's only the files in the user's home directory.

You log in as a normal user so you or any program you run can't affect the system files. This is why most "viruses" would be a great deal less potent on an average Linux system, because they are run with user permissions. They can only affect the user's personal files.

There are also some other restrictions on normal user accounts. Such as running services on low ports.

When you have the need to edit system files or run a service on port 80 for example, you use `su` or `sudo` to gain temporary root permissions.
 
Old 03-23-2006, 03:11 AM   #4
timmeke
Senior Member
 
Registered: Nov 2005
Location: Belgium
Distribution: Red Hat, Fedora
Posts: 1,515

Rep: Reputation: 61
As already mentioned, root or superuser is simply the user that "overrules" all other users. He has all privileges you can get on a Linux system. Normal users have restricted access to the system (i.e. no configuration of devices or network services, only access to some files).

"sudo" is a program that allows you to perform some commands as if you were root, while you're a regular user.
root, however, needs to set this up via a configuration file called /etc/sudoers, in which he can specify which users can execute which commands as if they were root. Needless to say, sudo access will need to be restricted for system security.

"su", short for "switch user", allows you to change to a different user, providing you know that user's password. By default, "su" and "su -" switch to the root user. If you want to switch to a different user, you need to append the username at the end (i.e. "su some_user").
The "-" tells su if it needs to load the environment settings (like the .bashrc and .profile in the user's home directory) of the user you're switching to.

Internally, users are not represented by their name, but by a number, the UID (User Id). You can see these UIDs for each user in the file /etc/passwd. Commands like "ls -l" simply translate the UIDs (i.e. of the file owner) to the human-readable name quickly (and may have an option to bypass this translation for increased performance). When you run a program, this program is run under the UID that you are then under. You can see this by looking at the output of "ps" (it lists the users that processes are running under). This information is important; for instance, if the process is trying to access a file on disk, the system needs to know if the file permissions allow that, so it needs to know under which user the process is running.
When you "su", however, the system stores the UID that you were (to be able to return to the user after you "exit" from su) and changes the eUID (effective UID). When you access a file the eUID is used to check file permissions, so it's as if you have become the user you've su'ed to. If you run a program, it will also be started under your eUID, so it's as if the user you su'ed to has started the program. If you exit, the system simply resets the eUID to its former value (which was stored) and the environment settings get reset too, because you're leaving the "su" shell (this also happens for "normal" shells: if you start a Bash shell, then enter "PATH=$PATH:/some/path"; and exit from Bash, the adjusted $PATH is also lost).
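
Added example (not part of any post in this thread): a small shell model of the UID-to-name lookup and the eUID-based file permission check that post #4 describes. The passwd records, the UIDs and the function names `uid_to_name` and `can_access` are constructed for illustration; supplementary groups and ACLs are left out.

```shell
#!/bin/sh
# Simplified model of UID lookup and the eUID-based permission check.
# All records below are constructed sample data, not a real /etc/passwd.

# passwd format: name:x:UID:GID:comment:home:shell
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash'

# uid_to_name UID: print the login name for UID, or the bare number when
# no record matches (the fallback "ls -l" uses; "ls -n" skips the lookup).
uid_to_name() {
    printf '%s\n' "$PASSWD_SAMPLE" |
        awk -F: -v uid="$1" '$3 == uid { print $1; found = 1; exit }
                             END { if (!found) print uid }'
}

# can_access EUID EGID FILE_UID FILE_GID MODE r|w|x
# MODE is three octal digits (e.g. 640). Returns 0 when the classic
# owner/group/other check would allow the access, 1 when it would not.
can_access() {
    euid=$1 egid=$2 fuid=$3 fgid=$4 mode=$5 want=$6
    case $want in r) bit=4 ;; w) bit=2 ;; x) bit=1 ;; *) return 2 ;; esac
    own=${mode%??}; rest=${mode#?}; grp=${rest%?}; oth=${mode#??}
    if [ "$euid" -eq 0 ]; then
        # eUID 0 bypasses read/write checks; execute needs some x bit set
        [ "$want" != x ] && return 0
        [ $(( ($own | $grp | $oth) & 1 )) -ne 0 ]; return
    fi
    # Exactly one class applies: owner first, then group, then other.
    if   [ "$euid" -eq "$fuid" ]; then class=$own
    elif [ "$egid" -eq "$fgid" ]; then class=$grp
    else class=$oth
    fi
    [ $(( $class & $bit )) -ne 0 ]
}

# Demo on a constructed file owned by alice (1000:1000) with mode 640.
for u in 1000 1001 0; do
    if can_access "$u" "$u" 1000 1000 640 w; then v=allowed; else v=denied; fi
    echo "write as $(uid_to_name "$u") (eUID $u): $v"
done
```

On a real system, `id -u` and `id -ru` print the effective and real UID of the current shell, and `ls -n` shows file owners as raw numbers.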
 
Old 03-23-2006, 11:55 AM   #5
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 7,183

Rep: Reputation: 2212
Quote:
Ordinary Mortal program: "Computer, please delete all of the files in the system and modify this program-file with a virus."
Computer: "No way! And oh by the way, you're now dead."

SuperUser/Administrator program: (Same request.)
Computer: "Yes, master..."
Whether it's Windows or Linux, "need I say more?"

You may or may not have consciously run that program, but it ran as you with your privileges and did what you were authorized to do.

So, "you walk around carrying a gun but with the safety turned on." Squeeze the trigger and it goes "click." Not "bang."

Windows gets most of its bad reputation because everyone's an Administrator and nobody has a password.
 
Old 03-23-2006, 11:56 AM   #6
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 7,183

Rep: Reputation: 2212
... I should note that Windows has a userid/privilege system, and a fine one. It's just usually turned off, for some very inexplicable reason.
 
Old 03-23-2006, 12:54 PM   #7
Haiyadragon
Member
 
Registered: Sep 2003
Location: Gorredijk, Netherlands
Distribution: Arch Linux
Posts: 400

Rep: Reputation: 30
Quote:
Originally Posted by sundialsvcs
... I should note that Windows has a userid/privilege system, and a fine one. It's just usually turned off, for some very inexplicable reason.
Oh and for some reason Windows programmers (a lot of them anyway) assume a single-user environment. Or at least an environment where everybody has admin privileges. So Windows's privilege system has become something only an advanced user would use. Because it costs a lot of effort to set up correctly.
 
Old 03-24-2006, 03:11 AM   #8
timmeke
Senior Member
 
Registered: Nov 2005
Location: Belgium
Distribution: Red Hat, Fedora
Posts: 1,515

Rep: Reputation: 61
Let's not forget that Windows was first designed for single-user systems, not multi-user ones like Unix and Linux. So it's kind of an "historical heritage" if you ask me...
 
  

