There is one user account on your Debian system that has the power to change anything: the root account. By power, I mean absolute power. The root user account can read, replace, or remove any file. It can read or write to any attached device. It can read or write to any part of the computer's memory. If there's even a mere suspicion that a piece of software is buggy or poses a security risk, there's no way you should run it as root.
Because of the power of the root account, sensible system administrators take a good deal of care when using it. The best rule of thumb is to do only the bare minimum of operations as root. Different users take different views on how to minimize root usage. Increasingly, Unix-like operating systems take the approach of going as far as to disable the root account and to use privilege-gaining tools such as
sudo to give normal users the ability to run programs as the root user when required.
This article introduces using
sudo to restrict superuser privileges. It is a good idea for you to get used to
sudo now, as the rest of this series will use it wherever you need root access to perform a task.
There are several ways to access the root account. The first is simply to log in to the machine's console as the root user. In normal operation, this is a bad idea, as it tends to encourage excessive use of the root account. However, when in single user mode for repair tasks, it's perfectly acceptable.
In normal operation, a user logs in to the system under his or her own account and wants to become root in order to run privileged commands. The
su program lets you do this. The following example shows what happens when you use
su to become root.
user@host:~$ su - Password: enter root's password here host:~#
You can use
The example shows the normal Debian command-line prompts in full, to show how they change when root successfully logs in. To save space in the future, I will normally use only the
$ prompt to denote the use of a normal user account and
# to denote a root login.
The hyphen argument (
su instructs it to behave as if root had logged in on the console, so that it executes whatever shell customizations are set up. The root user has the home directory /root by default, and using
su - will place you in that directory. Terminate the root session by exiting the shell with Ctrl-D or
su to start a root shell session is almost as tempting for bad habits as a console login, however. Although you can give the
--command option to
su to execute a single command, rather than entire shell, retyping root's password each time becomes tiresome. Furthermore, using
su means that you have to share the root password with anyone else who wants to run a program as root. Additionally, you can't restrict what those users can do as root. It may well be that you want them to run only one or two commands that require root privileges, not have dominion over your entire system.
sudo program provides a solution to these problems and allows a more flexible and controllable approach to regulating root privileges. Install it by becoming root conventionally with
su and using the
aptitude package manager to install the software. An upcoming column in this series will explain fully how to install the software.
$ su - # aptitude install sudo
sudo, you must give your normal user account full privileges. To do this, run the
visudo command as root. This will start up a text editor showing
sudo's configuration file. Find the line reading
root ALL=(ALL) ALL and copy it, substituting your username for root. Write out the file and quit the text editor.
The cautionary notice is shown only the first time you run
Now, quit the root login and log in to your regular user account. To test your new privileges, run
whoami both with and without
$ whoami username$ sudo whoami We trust you have received the usual lecture from the local system administrator. It usually boils down to these two things: 1. Respect the privacy of others. 2. Think before you type. Password: here, enter your own password root
From now on, you can prefix all commands that you need to run as root with
sudo and just use your own password. If you use
sudo again within 15 minutes, you won't need to reenter the password. If you add your user to the
sudo group, you need never enter your password to use
sudo. Assign this privilege with extreme care!
The /etc/sudoers configuration file controls the use of
sudo. You should never edit the file directly, but only through the use of the
visudo command. The expression of permissions in
sudoers is very flexible, allowing a tight degree of control over what others can run.
For example, to give the user
fred the ability to run the
kill program as root, add the following line to
fred ALL = /usr/bin/kill
ALL means that the command can be run on any machine, which is useful if you are sharing the
sudoers configuration over multiple machines on a network. The manual page describes the
sudoers file format in detail; read it with
man sudoers. Its very powerful flexibility allows fine-grained control over the allocation of privileges to users.
If you are happy with
sudo, you may wish to disable root's password completely, meaning that everybody must use
sudo to execute privileged commands. Do this with
sudo passwd -l root. To reverse the process, run
sudo passwd -u root.
One or two problems that arise from relying on
sudo exclusively can mean you need to be careful. These coincide with the use of systems such as NIS or LDAP to control user accounts--these systems use (possibly remote) databases to provider user information. If an operation you run under
sudo causes these services to fail, you will not be able to run
sudo again to get out of the mess, due to the system's not being able to find information on your user account.
The answer to this is either to not disable the root login, to perform such dangerous operations in a root shell, or to use
sudo -s to start a root shell session. Although such situations are rare, you should be aware of this risk, especially when running a development version of Debian, where failure during software upgrade is a possibility. Also, you can configure NIS or LDAP to fall back to a local user database, in which you can create yourself a backup account.
The best way to learn about root privileges on your Debian system is to read the manual pages for
sudo. Do this with the
Edd Dumbill is co-chair of the O'Reilly Open Source Convention. He is also chair of the XTech web technology conference. Edd conceived and developed Expectnation, a hosted service for organizing and producing conferences. Edd has also been Managing Editor for XML.com, a Debian developer, and GNOME contributor. He writes a blog called Behind the Times.
Return to the Linux DevCenter.
Copyright © 2009 O'Reilly Media, Inc.