Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
thank you MensaWater: in addition to answering the question, your reply cleared up a misconception of mine. I was exposed to su at work, where it is referred to as SuperUser. it is used with no entry as <username>. I see now that it is not superuser, but is a switch to user=root, hence the 'super'. (we also use sudo, which is referred to as 'SuperUser Do Once'.
is there validity to the 'do once' component of the acronym?
thanks again for being kind to the new kids!
The root user is known as the "super user" which has nothing to do with the "su" command (except that you can become root by using that command). You can become the "super user", root, by logging in directly as root.
sudo = superuser do (not superuser do once). It allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers file. When you run "sudo <command>" you are saying to run the command as the root user. So if you run "sudo su -" you are saying to use root's permissions to switch from your current user to root. The benefit to using sudo is that when you are prompted for a password it is YOUR user password and NOT the root password so you do not have to give out the root password to users. It also does logging of who executed commands so can be a good audit trail for things.
Note that although it does the command as the superuser (root) it does not mean that the result is necessarily a root level access. For example if you did "sudo su - billybob" you'd end up switched to user billybob. Root would have done the switch but you would not have ever have gotten a root shell. We use this functionality here for application admin accounts where multiple users (e.g. DBAs) need to use a common admin account (e.g. mysql). We give each DBA a login then setup sudo to allow them to "sudo su - mysql". In this way we can see which DBA became mysql at which point in case there is a question later.
sudo isn't restricted to su though. You can give other commands as well. (e.g. sudo mount /cdrom would allow the user to mount filesystem /cdrom [which would have to be described in /etc/fstab for this simple syntax].)
When granting sudo access some key security considerations:
1) Do NOT give user's access to commands that can open a shell such as vi/vim. Since "sudo vim" would put the user in a vim session running as root they'd only have to type ":!/bin/bash" to get a shell and that shell would be the root shell.
2) If you wrote a script for a user to execute as sudo you must make sure that they can't break out of it at any point (because they end up with a root shell) and also need to insure the script is in a secure location that the user can't modify it because otherwise they could simply change it to do /bin/bash at start of script to get a shell prompt.
The sudoers file should only be edited with the visudo command (which for obvious reasons can only be run as root). This command will do syntax checking to verify what you're about to save isn't going to break sudo completely.
On UNIX/Linux there are man (manual) pages for most commands and other concepts. Typing:
will give you more details on each of those commands.
Also on Linux there are "info" pages that might give more information. Usually the man page will tell you if there is also an info page.
Last edited by MensaWater; 03-22-2012 at 11:16 AM.