Using the Root Account on Debian

by Edd Dumbill
12/01/2005

There is one user account on your Debian system that has the power to change anything: the root account. By power, I mean absolute power. The root user account can read, replace, or remove any file. It can read or write to any attached device. It can read or write to any part of the computer's memory. If there's even a mere suspicion that a piece of software is buggy or poses a security risk, there's no way you should run it as root.

Because of the power of the root account, sensible system administrators take a good deal of care when using it. The best rule of thumb is to do only the bare minimum of operations as root. Different users take different views on how to minimize root usage. Increasingly, Unix-like operating systems take the approach of going as far as to disable the root account and to use privilege-gaining tools such as sudo to give normal users the ability to run programs as the root user when required.

This article introduces using sudo to restrict superuser privileges. It is a good idea for you to get used to sudo now, as the rest of this series will use it wherever you need root access to perform a task.

Running Commands As root

There are several ways to access the root account. The first is simply to log in to the machine's console as the root user. In normal operation, this is a bad idea, as it tends to encourage excessive use of the root account. However, when in single user mode for repair tasks, it's perfectly acceptable.

In normal operation, a user logs in to the system under his or her own account and wants to become root in order to run privileged commands. The su program lets you do this. The following example shows what happens when you use su to become root.

Switching to the root account

user@host:~$ su -
Password: (enter root's password here)
host:~#

The example shows the normal Debian command-line prompts in full, to show how they change when root successfully logs in. To save space in the future, I will normally use only the $ prompt to denote the use of a normal user account and # to denote a root login.

The hyphen argument (-) to su instructs it to behave as if root had logged in on the console, so that it executes whatever shell customizations are set up. The root user has the home directory /root by default, and using su - will place you in that directory. Terminate the root session by exiting the shell with Ctrl-D or exit.

Using su to start a root shell session is almost as tempting for bad habits as a console login, however. Although you can give the --command option to su to execute a single command, rather than an entire shell, retyping root's password each time becomes tiresome. Furthermore, using su means that you have to share the root password with anyone else who wants to run a program as root. Additionally, you can't restrict what those users can do as root. It may well be that you want them to run only one or two commands that require root privileges, not have dominion over your entire system.

The sudo program provides a solution to these problems and allows a more flexible and controllable approach to regulating root privileges. Install it by becoming root conventionally with su and using the aptitude package manager to install the software. An upcoming column in this series will explain fully how to install the software.

$ su -
# aptitude install sudo

After installing sudo, you must give your normal user account full privileges. To do this, run the visudo command as root. This will start up a text editor showing sudo's configuration file. Find the line reading root ALL=(ALL) ALL and copy it, substituting your username for root. Write out the file and quit the text editor.

Now, quit the root login and log in to your regular user account. To test your new privileges, run whoami both with and without sudo.

$ whoami
username
$ sudo whoami

We trust you have received the usual lecture from the local system
administrator. It usually boils down to these two things:

        1. Respect the privacy of others.
        2. Think before you type.

Password: (here, enter your own password)
root

From now on, you can prefix all commands that you need to run as root with sudo and just use your own password. If you use sudo again within 15 minutes, you won't need to reenter the password. If you add your user to the sudo group, you need never enter your password to use sudo. Assign this privilege with extreme care!
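To see at a glance who holds the kind of grants described above (a copied root line, or a passwordless group rule), the following added example, which is not part of the original article or of sudo itself, classifies sudoers rules as full or limited and flags NOPASSWD. The users alice and bob, the sample rules, and the function name audit_sudoers are constructed for illustration; the parser assumes one rule per line and does not follow included files or expand aliases.

```shell
#!/bin/sh
# Added example: classify sudoers rules by how much root access they grant.
# Assumptions: one rule per line, no backslash continuations, aliases are
# not expanded, and included files are not followed.

# Constructed sample; "alice" and "bob" are hypothetical users.
SAMPLE_SUDOERS='# constructed sample sudoers content
Defaults        env_reset
root    ALL=(ALL) ALL
alice   ALL=(ALL) ALL
bob     ALL=(root) /usr/bin/aptitude update
%sudo   ALL=NOPASSWD: ALL'

# Reads sudoers text on stdin; prints "<LEVEL> <who>" for each rule.
audit_sudoers() {
    awk '
    /^[ \t]*$/        { next }   # blank lines
    /^[ \t]*[#@]/     { next }   # comments and include directives
    $1 ~ /^Defaults/  { next }   # option lines, not grants
    $1 ~ /_Alias$/    { next }   # alias definitions
    {
        who  = $1
        spec = $0
        sub(/^[^=]*=/, "", spec)            # drop the "who host=" part
        sub(/^[ \t]*\([^)]*\)/, "", spec)   # drop the run-as part, e.g. (ALL)
        nopass = (spec ~ /NOPASSWD:/)
        gsub(/[A-Z_]+:[ \t]*/, "", spec)    # drop tags such as NOPASSWD:
        gsub(/^[ \t]+|[ \t]+$/, "", spec)   # trim surrounding whitespace
        level = (spec == "ALL") ? "FULL" : "LIMITED"
        if (nopass) level = level "+NOPASSWD"
        print level, who
    }'
}

# Run the audit over the constructed sample.
printf '%s\n' "$SAMPLE_SUDOERS" | audit_sudoers
```

On a real system, feed it the live file as root, for example sudo cat /etc/sudoers piped into audit_sudoers, and review every FULL and NOPASSWD line.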
