On a unix system, ordinary users will get the message "Permission Denied"
if they try to perform tasks such as adding/deleting other users, adding/deleting
programs in /usr/bin or backing up all files in the directory /var/spool/mail
. Tasks such as these are system administration/maintenance tasks. To perform
the tasks that can only be done without the restrictions that apply to normal
user accounts, the administrator must use the superuser account.
The superuser account has the uid 0 and normally uses the username
root . This account is not restricted by any of the permissions
or constraints that apply to a normal user account. This allows the superuser
account to perform the required system maintenance activities. But the lack
of restrictions also means that the superuser account has none of the usual
safeguards and must be used with care; unix legends are full of stories of
administrators logged in as root who typed " rm -rf / " and deleted
the entire filesystem.
There are 2 ways that you can become root:
login as root (on Floppix all passwords are the same so the root password
is the same as your normal user password).
login using your normal user account and then enter the command: su
-
The su command (substitute user) allows you to take on another user identity;
if su is entered without specifying a username, it allows you to become superuser
(assuming that you have the superuser password).
Method 2 is preferable for 2 reasons:
If you are already logged in, you are more likely to exit from the superuser
account back to your own account when you are finished the administration
activities. When you are using your own account, a mistake will not bring
the entire system down.
If you su to the superuser account, a log entry shows the time, date and
username of the person who su'd to root.
Exercises:
Login using your own account.
Try to delete the file /etc/passwd . What message do you get?
Use the su command to become root.
Check the log and find the entry for the su command. ( on Floppix, the system
logs are directed to /dev/tty8 ; press [alt][F8] to see the logs; [alt][F1]
to return to console 1)
What is the output from each of the following commands?
who
who am i
whoami
IF YOU ARE NOT WORKING ON FLOPPIX STOP HERE- DO NOT CONTINUE.
If you are working on floppix, delete the file /etc/passwd .
Logout.
Now:
Can anyone login?
Can you use [alt][ctrl][del] to reboot?
How do you recover?
You can't! You will have to use the reset or power switch to restart your
system. On Floppix, this is annoying but it will give you access to your
system again.
If you were working on a real system, you have just locked everyone (including
yourself) out. To recover, you must load linux using a rescue diskette and
then restore your password file from system backups (as a good system
administrator, of course you have backup tapes.)
Remember, when you are working as root, you have no safeguards. Check every
command twice before you press [enter] . And if you are not sure what a command
will do, the root account is not the place to experiment.